Adobe has released a security update fixing a critical flaw in its Download Manager software that could let attackers download and install unauthorised software onto a user's system.
The issue applies to any instance of the software downloaded before today, but will not apply to any new versions, the firm said.
"Adobe Download Manager is designed to remove itself from the computer after use at the next computer restart. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine," said the security bulletin.
Adobe credited security researcher Aviv Raff for bringing the flaw to the company's attention.
"Recently, I found a design flaw on Adobe's web site which allows the abuse of the Adobe Download Manager to force the automatic installation of Adobe products, as well as other software products (e.g. Google Toolbar)," Raff said in a blog post.
"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue."
Adobe urged users to see whether the C:\Program Files\NOS\ folder and its contents (NOS files) are present on their system. If they are, the firm recommends running the 'services.msc' prompt and making sure that 'getPlus(R) Helper' is not in the list of services. If it is, it should be removed.
_(20).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
