Thanks for that information I have been installing it guess I need to do some uninstalls now.
Jon On Thu, Feb 18, 2010 at 8:45 AM, Angus Scott-Fleming <[email protected]>wrote: > I have been uninstalling this whenever I see it, so it's good to see that > my > suspicious nature has paid off. > > ------- Included Stuff Follows ------- > SecurityUpdates for Adobe Reader, Acrobat - Krebs on Security Update > > If you decide to do without Adobe Reader and uninstall it, you might > want to nix the Adobe Download Manager as well. Researcher Aviv Raff > points to > some nifty work he´s done which shows that Adobe´s Download Manager - > which > ships with all new versions of Flash and Reader - can be forced to > reinstall > an application that´s been removed, such as Reader. According to Raff, a > Web > site could hijack the Adobe Download manager to download and install any > of > the following: > > * Adobe Flash 10 > * Adobe Reader 9.3 > * Adobe Reader 8.2 > * Adobe Air 1.5.3 > * ARH tool - allows silent installation of Adobe Air applications > * Google Toolbar 6.3 > * McAfee Security Scan Plus > * New York Times Reader (via Adobe Air) > * Fanbase (via Adobe Air) > * Acrobat.com desktop shortcut > > Raff writes: "So, even if you use an alternative PDF reader, an attacker > can force you to download and install Adobe Reader, and then exploit the > (yet > to be patched, but now known) vulnerability. The attacker can also > exploit 0- > day vulnerabilities in any of the other products mentioned above." Read > more > on his findings at this link here. > > --------- Included Stuff Ends --------- > More here with links: > > http://www.krebsonsecurity.com/2010/02/security-updates-for-adobe-reader-acrobat/ > > See also: > Aviv Raff On .NET - May the force be with you > http://aviv.raffon.net/2010/02/15/MayTheForceBeWithYou.aspx > > ASF Note: According to Aviv Raffon, Firefox users should disable or > uninstall > the Adobe Download Manager extension in addition to uninstalling the Adobe > Download Manager program. > > Of course, if you're constitutionally paranoid like me ;-) you won't have > either installed [grin]. > > Angus > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
