SecurityTube

Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks

JB

Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week.

Adobe products and services senior director of security Brad Arkin said in a statement that a build server with access to the Adobe code signing infrastructure was compromised and is the source of the issue.

The certificate will be revoked on Oct. 4; this affects only Adobe software signed with the cert after July 10 running on Windows, as well as three Adobe Air applications that run on Windows and the Macintosh platform.

“Customers should not notice anything out of the ordinary during the certificate revocation process,” Arkin said. “Our investigation to date has shown no evidence that any other sensitive information—including Adobe source code or customer, financial or employee data—was compromised.”

Arkin said Adobe does not believe the certificate was used to sign widespread malware, and is limited to the two utilities discovered.

“We believe the vast majority of users are not at risk,” Arkin said.