Adobe bug unearthed

A researcher has unearthed a bug in software used to install Adobe's ubiquitous Reader and Flash applications that can be exploited to remotely install malicious files on end-user PCs, reports The Register.

The Adobe Download Manager is an ActiveX script that is invoked when people install or update Reader or Flash using Internet Explorer. Researcher Aviv Raff has figured out how to exploit it to install any file he wishes simply by tricking a user into clicking on a link on the Adobe.com domain.

The attack combines a vulnerability on Adobe's Web site with a defect in the download manager.

"Instead of admitting that this design flaw is indeed a problem which can be abused by malicious attackers, Adobe decided to downplay this issue," Raff wrote in disclosing the vulnerability.

Mozilla has released Firefox 3.5.8 and Firefox 3.0.18 for Windows, Mac and Linux, patching five vulnerabilities, three of which are rated 'critical', states Computing.co.uk.

Mike Beltzner, Mozilla's director of Firefox, says the new versions are part of an ongoing stability and security update process. Some of the patches apply to critical issues, which could lead to a hacker taking remote control of an affected system.

Mozilla says the rating applied to vulnerabilities that can be "used to run attacker code and install software, requiring no user interaction beyond normal browsing".

AdMarvel, a subsidiary of Opera Software as well as a provider of mobile advertising services, has unveiled its Android Advertising Toolkit version 1.5, says eWeek.

The AdMarvel Android Advertising Toolkit enables Android application developers to integrate rich media advertising, including advertising from various global ad networks, into their applications.

In addition, company officials say AdMarvel supports rich media advertising on the mobile Web on Android phones. Advertising metrics and analytics are provided via an online Web console that provides a near real-time view of the application's advertising performance.