Adobe Fixes Reader Flaw, Warns Of New Bug In Download Tool - InformationWeek

11:10 AM

The company updates its free Reader application to fix a flaw but warns that its Download Manager has a critical bug.

Adobe Systems updated its free Reader application Tuesday to fix a critical flaw disclosed last week, but then warned users of its Download Manager that attackers could hijack a Mac or Windows PC by exploiting a bug in that utility.

Adobe Reader 8.0 for Windows patched a vulnerability in the AcroPDF ActiveX control used to display PDF documents within Microsoft's Internet Explorer browser. Last week, Adobe said that the Windows versions of Reader 7.0 through 7.0.8 could be exploited to compromise PCs.

"Adobe Reader 7.0 through 7.0.8 users should upgrade to Reader 8," Adobe said in a Tuesday bulletin.

Adobe Acrobat versions 7.0 through 7.0.8, however, remain vulnerable to attack. For users of that application, Adobe on Tuesday provided a workaround that requires users to manually replace the vulnerable AcroPDF.dll file with one downloaded from the Adobe site.

But just as Adobe fixed one of its programs, it warned that another contained a bug.

Adobe Download Manager, a utility the company provides to help users download large files and updates from its Web site, is also vulnerable to attack. Mac OS X and Windows systems running version 2.1 and earlier could be compromised, although a successful exploit would need user help, said Adobe. "A malicious file must be loaded by the end user, via a Web browser or e-mail client for instance, for an attacker to exploit this vulnerability," the company said in a new security bulletin.

Users should uninstall Download Manager 2.1 and earlier, Adobe advised.

Adobe classified the Download Manager bug as "critical," while vulnerability trackers such as Secunia and FrSIRT labeled it "Highly critical" and "Critical," respectively.
