Security firm iDefense has withdrawn a comment made earlier about the Google attack.
As published on the SC Magazine website on the 13th January, iDefense head of international cyber intelligence Eli Jellenc, claimed that ‘attackers delivered malicious code used against Google and others using PDFs as email attachments', similar to an attack in July 2009 which employed a PDF file that exploited a zero-day vulnerability in Adobe Reader.
However in a blog update on the Adobe website, iDefense has issued a statement retracting the comment. It said: “In iDefense's press announcement regarding the recently discovered Silicon Valley compromises, we stated that the attack vector was likely ‘malicious PDF file attachments delivered via email' and suggested that a vulnerability in Adobe Reader appeared to have been exploited in these attacks.
“Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities. There are currently no confirmed instances of a vulnerability in Adobe technologies being used in these attacks. We continue to investigate this issue.”
The retraction follows an update by Adobe, issued on the 14th January, which confirms that there was ‘no evidence to suggest Adobe technology was a vector in recent network attacks'.
It said: “Media coverage this week has suggested that Adobe software may have been a vector used in the recent attacks against Adobe and other companies. We are continuing our investigation into the incident, but to date, none of the work done by Adobe or any third party has uncovered evidence to indicate that Adobe technology was an attack vector.”