AAPL Stock: 109.5 ( -1.28 )

Printed from

Adobe reveals details of two-month-old server intrusion

updated 10:04 pm EDT, Thu September 27, 2012

Authentication server penetrated; code signed as Adobe-authentic

Adobe warned today that an internal digital code signing server was hacked by "sophisticated threat actors" focusing on Adobe. The early-July hack led to the compilation of a minimum of two malicious files that were digitally signed and authenticated as Adobe genuine software. The hack gave the attackers the means to build malware that the operating system views as legitimate Adobe-created software, making it that much harder for security packages to detect and eliminate the threat.

Adobe security chief Brad Arkin noted that "The first malicious utility we received is 'pwdump7 v7.1.' This utility extracts password hashes from the Windows OS and is sometimes used as a single file" linking OpenSSL to Windows.

Temporarily, Adobe's new signing solution includes an offline human validation step to guarantee all new signatures are actually Adobe software. "We are in the process of designing and deploying a new, permanent signing solution," Arkin added.

Few details of the actual breach were provided, except that it affected a build server with access to the verification routines. Arkin admitted that the server didn't comply with "Adobe corporate standards for a build server" and are "investigating why our code signing access provisioning process in this case failed to identify these deficiencies."

Adobe claims that no source code was stolen during the intrusion. The impacted certificates will be revoked on October 4, 2012. All code signed by Adobe after July 10, 2012 is impacted by the certificate revocation.

by MacNN Staff



Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented