Adobe Systems said on Tuesday that it patched a critical vulnerability that affected the Adobe Download Manager. The Download Manager is used when Internet users download Flash or Reader software from Adobes websites.
A critical vulnerability was discovered that could be used by attackers to remotely install malicious software on a victims PC. In order to fulfill an exploit, an attacker would lead the victim to a special modified link on the adobe.com domain.
The combination of the two combined to make a very serious security threat. The download manager is usually removed from a users’ PC as soon as a computer is restarted. Users of the download manager in the past can ensure security by making sure the directory - C:Program FilesNOS - is not present.
More information on the issue is available at:
http://www.adobe.com/support/security/bulletins/apsb10-08.html
Result for: attackers
Two researchers plan to provide details at next week’s PacSec 2008 conference in Tokyo on how Wi-Fi Protected Access (WPA) is vulnerable to attack. Of course, this does not mean that WPA is as vulnerable to compromise in the same way that Wired-Equivalent Privacy (WEP) is, far from it in fact. The weakness in WPA is being reported by Martin Beck and Erik Tews, two graduate students in Germany. The attack could make it possible to compromise certain communications in less than 15 minutes.
The researchers found the weakness in the lesser of two WPA security protocol, Temporal Key Integrity Protocol (TKIP). Attackers can use the techniques to decrypt limited communications and can recover a special integrity checksum and send up to seven custom packets to clients on the network, according to SecurityFocus.
“The new attack on WPA is not a complete key recovery attack,” Tews said in an email to SecurityFocus. “It just allows you to decrypt packets and inject packets with custom content. But there is only a single short-term key recovered during the attack.”
