[Fed-Talk] Speaking of Code Signing...
[Fed-Talk] Speaking of Code Signing...
- Subject: [Fed-Talk] Speaking of Code Signing...
- From: Jeffrey Walton <email@hidden>
- Date: Thu, 27 Sep 2012 17:55:35 -0400
Inappropriate Use of Adobe Code Signing Certificate,
http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html.
We recently received two malicious utilities that appeared to be
digitally signed using a valid Adobe code signing certificate. The
discovery of these utilities was isolated to a single source. As soon
as we verified the signatures, we immediately decommissioned the
existing Adobe code signing infrastructure and initiated a forensics
investigation to determine how these signatures were created. We have
identified a compromised build server with access to the Adobe code
signing infrastructure. We are proceeding with plans to revoke the
certificate and publish updates for existing Adobe software signed
using the impacted certificate. This only affects the Adobe software
signed with the impacted certificate that runs on the Windows platform
and three Adobe AIR applications* that run on both Windows and
Macintosh. The revocation does not impact any other Adobe software for
Macintosh or other platforms.
...
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden