Adobe today patched a critical vulnerability in the Windows utility used to download the company's two most popular products, Adobe Reader and Flash Player.

It was the second time in the last six weeks that Adobe fixed a flaw in Download Manager, the program it installs on PCs when customers download Reader or Flash Player.

The bug, Adobe acknowledged in an advisory, "potentially allow[s] an attacker to download and install unauthorized software onto a user's system."

Israeli security researcher Aviv Raff disclosed the vulnerability last week, when he said that attackers could use the Download Manager to forcibly download and install any executable file, including attack code.

More: http://www.computerworld.com/s/article/9161258/