Be Very Afraid Of The Adobe getPlus Vulnerability!

All these vulnerabilities can get you terribly confused. It is extremely annoying when a patch is released for a vulnerability; you do the required steps and patch it, only to discover that a new vulnerability exists. It is like a never ending cycle that keeps on going and going no matter what. It would be wonderful if this cycle could end at some point don't you think? Today is not going to be the day for the cycle to end, that much I can guarantee. My purpose right now to unfortunately, inform you about a new vulnerability that has been discovered. This vulnerability has been reported in Adobe getPlus DLM.

The vulnerability in the Adobe getPLUS DM has materialized because of the application setting. This setting has very unstable default permissions which pertains to the "NOS" installation directory. One of ways that this weakness could be exploited, in order to gain escalated privileges, is by directly replacing the getPlus_HelperSvc.exe which relates to the service binary.

Adobe has many other exciting products that are extremely popular amongst computer users. This may include Adobe Acrobat Reader, Adobe Creative Suite as well as Adobe Acrobat Professional. Some of the files of Adobe Acrobat Reader may include: Acracns1.dll, AdobePS5.dll, bidilpt.dll and COOLTYPE.DLL. Files related to Adobe Creative Suite include: AfterNew.vbs, ApplyMaster.vbs, BeforeDisplay.vbs and CallProgressBar.vbs. Lastly some of the files of Adobe Acrobat Professional include AcroPro.msi, pdfControlLib.dll, PreflightLib.dll as well as ZStringDLLib.dll.

If attackers are able to pull off exploiting this vulnerability with precision, then this shall enable them to gain escalated privileges. This means that these they will be able to gain access to privileges that only the system administrator is meant to access. We all know that in the online world:"security is GOD" and that if you are able to bypass security, you are able to do just about anything. This concept is directly applicable to this specific vulnerability.

I can almost guarantee that you are wondering two things, namely, what version does this issue affect and what is the solution. First things first, let me tell you which version is affected. This vulnerability has been confirmed in version 1.6.2.36. It is imperative for Adobe users to know that other versions also run the risk of being affected. The solution for all users is to remove the access which is unprivileged, from the permissions set on "NOS" directory. It can thus be quoted in conclusion:"If privacy is outlawed, only outlaws will have privacy". - Philip Zimmermann