Adobe fixes Adobe Download Manager flaw – by deleting the software

Adobe's bulletin was a response to a remote code execution flaw identified last week by security researcher Aviv Raff. The flaw enabled attackers to execute arbitrary code on the system. This meant that attackers could direct users to Adobe's website to download legitimate software, but could then instruct them to download any software program of their choice, according to Raff. Consequently, malware distributors could use Adobe's own software to install their malicious files.

One of the fixes for affected systems involves using the Remove Application function in Windows to delete Adobe Download Manager, according to a security bulletin issued by Adobe. The other involves deleting the getPlus Helper service (which is Adobe Download Manager) from the list of services on a Windows system using a command line interface before deleting the folder in which it resides.

However, this flaw was not the only one that Raff discovered. The day before he unveiled the remote code execution flaw, he also found that the program could be made to automatically download a selection of Adobe programs from its website, along with a small selection of third-party software.

"This update covers the remote execution flaw. The other issue, which is not a critical vulnerability, will be addressed in the future," said a spokesperson for Adobe.

However, Raff had already pointed out that even the non-critical vulnerability could be damaging if a zero-day vulnerability is used to hack the latest version of an Adobe product (as has now happened on several occasions).

It is unclear whether following Adobe's actions would stop subsequent patches from being installed for users. However, the company gave the same advice last July, after a moderate security vulnerability was found in Adobe Download Manager. It subsequently replaced the software with a new version the following month.
