Adobe revokes code after server breach

By on
Adobe revokes code after server breach

Invalidates code signed after 10 July.

Adobe has revoked the code signing certificate for all code signed after 10 July this year following an attack it announced last week.

The software firm revealed that hackers had broken into an internal server to compromise a digital certificate that allowed them to create at least two malware-laden files that appeared to be legitimately signed by Adobe.

At the time, product security and privacy director Brad Arkin said Windows software signed with the impacted certificate plus three Windows and Macintosh Adobe AIR applications were affected.

Adobe has since begun issuing updates signed using a new digital certificate for all affected products.

Microsoft malware protection centre lead security researcher Tanmay Ganacharya said it has been tracking the issue closely.

Telemetry showed the issue was not prevalent and was being used only in only highly targeted attacks.

Adobe has revoked all software code signed after 10th July 2012 and has decommissioned the existing Adobe code-signing infrastructure.

This article originally appeared at

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
  |  Forgot your password?