Adobe downplays latest vulnerabilities

March 04, 2010


Adobe continues to be dogged by vulnerabilities in some of its leading programs, including its own Download Manager program, which Israeli security researcher Aviv Raff recently cited as a serious security issue.

In late February, Adobe updated its security update on what it termed the "critical" vulnerability in Adobe Reader 9.3 for Windows and Macintosh, as well as Adobe Reader 8.2 and Acrobat 8.2 for Windows and Macintosh. (The full security update is here.)

As noted on the site, Brad Arkin, director of product security and privacy at Adobe Systems, spent a significant amount of time updating Adobe customers on these issues at the recent RSA security conference.

While Arkin notes in the interview that Adobe is trying to achieve transparency, the latest fix, released last Tuesday for its Download Manager program, does not inspire confidence. Aviv Raff, who discovered the Download Manager vulnerability along with Dutch researcher Yorick Koster, responded to Adobe's security release and statement by noting that the company was, in his opinion, reticent to fully admit the design flaw.

Raff notes in his blog post, "I think they missed the whole point here. While it is true that Adobe Download manager is removed upon computer restart, the user, who has just updated their Adobe product (usually without requirement to restart the computer after the update), is still exposed to forced automatic installation when they start their computer."

Raff also stated on his blog that he's already found another remote code execution flaw in the Adobe Download Manager, through which "an attacker can force an automatic download and installation of any executable he desires."

For its part, Adobe has not responded to Raff's newly found code execution flaw, and is still maintaining that the vulnerability has been addressed.
