Adobe Patches Security Hole in Product that Shouldn’t Exist

This past December, a report was released that showed both Adobe’s software and Mozilla’s Firefox to be the buggiest software on the planet, where found vulnerabilities are concerned. There’s little reason to look down upon Firefox, though, as it’s patched on a regular basis, so it’s not as though the security holes are left to linger once they’re known about. As for Adobe software, it’s hard to tell.

But while it’s hard to know of all of the vulnerabilities that Adobe finds in its own software, it’s even harder to know just how long each hole takes to fix, and whether or not it’s fixed at all. But to be fair, Adobe does release regular patches and security updates for its products, so it can be assumed that it’s on top of things. But, what I do find humorous, is that the company has just issued a security fix for a program that I don’t even think should exist.

The software in question is the Adobe Download Manager, a browser-extension piece of software that starts right up when a user wants to download a piece of software from Adobe’s website, such as  Reader or Flash. If you quickly decline the Download Manager to run, you can download the program via normal methods. That’s the smart thing, since overall, it’s quicker. You don’t have to wait for an applet to load, namely.

Flash and Reader are undoubtedly the most common downloads at Adobe’s site. Flash weighs in at something like 2MB, while Reader currently sits at 26MB. For what reason is an applet-based and bloated Download Manager needed for a download so small? Sure, there’s dial-up users, but even then, 26MB isn’t a major burden for someone on a 56Kbit/s connection (it would take just over an hour). Plus, dial-up users are in the minority, so to spawn a download manager like this by default is strange.

It’s for these reasons that I think Adobe’s Download Manager is completely useless, and it’s highly ironic that despite being so useless, it actually had a bug severe enough to allow someone remote access to your PC. Come on, Adobe… keep it simple.

Download Manager is a tool that helps users efficiently download files from Web servers. It is used one time per session and is deleted when the computer is restarted. However, Adobe recommends users verify that a potentially vulnerable version of the Adobe Download Manager is no longer installed on their machine by following instructions contained in the Solution section of the security bulletin.