Adobe revokes all code signed since 10th July

Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop
Adobe releases patches for critical vulnerabilities in Flash, Shockwave and Photoshop

Adobe has announced that it has revoked the code signing certificate for all code signed after 10th July 2012 following the attack it announced last week.

The software company announced that it was in the process of issuing updates signed using a new digital certificate for all affected products.

Tanmay Ganacharya, lead security researcher at the Microsoft malware protection centre, said that it has been tracking this issue very closely and the telemetry shows that this issue is not prevalent and is being used in highly targeted attacks only.

In a statement, Adobe senior engineering director Brad Arkin, said that Adobe was hit by an attack that impacted its digital certificate code signing infrastructure and led to at least two malicious utilities being signed.

Arkin said that the certificate runs on the Windows platform and three Adobe Air applications that run on both Windows and Macintosh. It has revoked all software code signed after 10th July 2012 and has decommissioned the existing Adobe code signing infrastructure.

Sign up to our newsletters