
Comment by jameskraus

4 hours ago

Honestly a pretty nifty way to detect if it's installed. I'm sure this can power a lot of nice features, like linking directly into Adobe products if they're installed.

It can power even more security issues too. This is absolutely horrendous.

  • I’m wondering how this can be exploited.

    • They implemented it in a way that it only responds with a valid image and a 200 status code when the referrer is adobe.com. It's probably somewhat sane given the insanity that is the host files hack.

    • Agreed, at worst this is just vaguely icky feeling; realistically this is a nothing burger.

      To exploit this kind of thing you'd either need to have access to someone's computer to change the hosts file yourself, pointing to a different IP address, or somehow gain control of Adobe's IP address and point it to a different server. For the former, if you have local root permission, you already own the machine, so why bother with this slow of an option? And the latter is already such a takeover that the involvement of this hosts file change is basically irrelevant.