SOFTWARE HOUSE Adobe has admitted that it was the victim of a hacker attack that breached its security defences.
Hackers were able to make their way into the firm's servers, specifically one of its code signing systems, and used it to sign malware with a valid digital certificate. Adobe's director of Product Security and Privacy, Brad Arkin, explained the problem in a blog post.
"We recently received two malicious utilities that appeared to be digitally signed using a valid Adobe code signing certificate. The discovery of these utilities was isolated to a single source. As soon as we verified the signatures, we immediately decommissioned the existing Adobe code signing infrastructure and initiated a forensics investigation to determine how these signatures were created," he said.
"We have identified a compromised build server with access to the Adobe code signing infrastructure."
Arkin said that the certificate has been revoked but that does not mean that the hackers could not already be using it to spread their malware. No one has come forward and claimed responsibility for the attack. The company will issue new certificates, he added.
"We are proceeding with plans to revoke the certificate and publish updates for existing Adobe software signed using the impacted certificate. This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh," he said. "The revocation does not impact any other Adobe software for Macintosh or other platforms."
Code signed after 10 July, 2012 could be affected and the firm said that it will revoke the certificate on 4 October. Users are not expected to notice anything happening, according to the firm's support webpages.
According to F-Secure's Mikko Hypponen, 5,127 files have been signed with the compromised Adobe certificate. However, he explained on Twitter that only three of those are "bad files". µ