We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,646 News Articles

Adobe working on fix for Download Manager bug

Hackers could exploit flaw to distribute malware

Adobe is working on fixing a bug in Download Manager, the app which speeds up downloads of Adobe products.

According to security researcher Aviv Raff, the flaw could be misused by hackers to to force web users to install unwanted software on their computers.

Because of an undisclosed flaw in the way Download Manager works, the "attacker can force an automatic download and installation of any executable he desires", Raff said in a blog.

"So, if you go to Adobe's website to install a security update for Flash, you really expose yourself to a zero-day attack."

Adobe said it was working with Raff and the third-party developer of the Download Manager product to fix the issue.

Download Manager includes an executable program and an ActiveX control or Firefox extension file, depending on which browser is used.

However, it would be hard for a user to install unwanted software without realising it, because "the user has to accept a number of prompts before being taken through the installation process", said Adobe spokeswoman Wiebke Lips.

The Download Manager is different from Adobe's Update Manger, which is used to patch Adobe software.

Download Manager only runs on the computer when software is downloaded, and it removes itself on the next restart. So Raff's attack would only work before that restart removed the Download Manager software.

Still, he believes it is a serious security risk.

"This is the kind of scenario that's common when skilled, motivated attackers are going after select targets," Raff said.

See also: Adobe brings AIR 2.0 to smartphones


IDG UK Sites

Nokia Lumia 930 review: The flagship Windows Phone 8.1 smartphone

IDG UK Sites

Live Blog: Apple financial results, record June quarter, 35.2m iPhones sold, $37.4b revenue

IDG UK Sites

Welcome to the upgrade cycle - you'll never leave

IDG UK Sites

Why smartphone screens are getting bigger