Adobe urges upgrade to avoid critical bug

By

Adobe on Tuesday warned users of a critical flaw in Download Manager that can be exploited to compromise a user's machine.


The same day, the company released an updated version of Reader to address multiple flaws reported last week.

The "highly critical" bug, in versions 2.1 and earlier, is caused by the handling of section names when the application processes AOM files, according to Secunia. Attackers can exploit the flaw to cause a stack-based buffer overflow that could lead to the execution of arbitrary code, the vulnerability tracking firm said in an advisory.

In order for the attack to succeed, however, users must load a malicious Adobe file when visiting a website or through email, according to a company security bulletin released Tuesday.

In lieu of a fix, Adobe suggests users upgrade to Download Manager 2.2, which is not affected by the vulnerability. Download Manager is used to improve the downloading process of Adobe files.

In another bulletin released Tuesday, Adobe advised users to upgrade to Reader 8 to protect against bugs caused by memory corruption errors in the AcroPDF ActiveX Control. Hackers could exploit the vulnerabilities to take control of an affected system.

Click here to email Dan Kaplan.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
adobeavoidbugcriticalsecuritytoupgradeurges

Sponsored Whitepapers

Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Beyond the Breach: Logicalis Delivers Scalable, Business-Aligned MXDR Security
Transforming IT for the Hybrid Era
Transforming IT for the Hybrid Era
Powering secure AI at the Edge: What you need to know before it’s too late
Powering secure AI at the Edge: What you need to know before it’s too late
Ditch the Spreadsheets. Build a System That Grows With You.
Ditch the Spreadsheets. Build a System That Grows With You.
Gaining a Competitive Advantage with Communication APIs
Gaining a Competitive Advantage with Communication APIs

Events

Most Read Articles

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Microsoft knew of SharePoint security flaw in May, initial patch ineffective
ACSC alerts to exploited MS SharePoint remote code execution flaw

ACSC alerts to exploited MS SharePoint remote code execution flaw
"PoisonSeed" attack does not bypass hardware MFA

"PoisonSeed" attack does not bypass hardware MFA
Microsoft issues patches for "ToolShell" vulnerable SharePoint Servers

Microsoft issues patches for "ToolShell" vulnerable SharePoint Servers
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?