Adobe announced on September 27th that two malicious utilities were signed by a valid Adobe digital certificate. Brad Arkin, Adobe’s products and services senior director of security, said the cause was a compromised build server. This particular server had access to the Adobe code signing infrastructure. The attackers got in and dug around until they found the server, using what Arkin calls APT-type (Advanced Persistent Threat) methods.
Arkin says of the attack, “our investigations to date [have] shown no evidence that any other sensitive information - including Adobe source code or customer, financial, or employee data - was compromised,” implying that the attackers were more interested in obtaining the authority that comes with Adobe’s reputation.
This affects Adobe software running on Windows that was signed with the certificate after July 10th. Three Adobe AIR applications, which run on either Windows or Mac, were affected as well.
It was also noted that the build server only had access to the source code of one Adobe product. Arkin says the product was not Flash, Reader, or Shockwave. The certificate is slated to be removed October 4th. Adobe is still investigating where the weak spot in its infrastructure was that allowed the attackers to compromise the machine, and the process by which it was done.
Resources: Threatpost.com: Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks.