Adobe revokes code after server breach

By

Invalidates code signed after 10 July.

Adobe has revoked the code signing certificate for all code signed after 10 July this year following an attack it announced last week.

Adobe revokes code after server breach

The software firm revealed that hackers had broken into an internal server to compromise a digital certificate that allowed them to create at least two malware-laden files that appeared to be legitimately signed by Adobe.

At the time, product security and privacy director Brad Arkin said Windows software signed with the impacted certificate plus three Windows and Macintosh Adobe AIR applications were affected.

Adobe has since begun issuing updates signed using a new digital certificate for all affected products.

Microsoft malware protection centre lead security researcher Tanmay Ganacharya said it has been tracking the issue closely.

Telemetry showed the issue was not prevalent and was being used only in only highly targeted attacks.

Adobe has revoked all software code signed after 10th July 2012 and has decommissioned the existing Adobe code-signing infrastructure.

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?