post #1 of 1
Thread Starter 
Adobe today announced it has been subject to a significant security breach, including a compromised build server resulting in at least one valid Adobe code signing certificate being used to sign malware. As a result, the software company will be revoking the impacted certificate for all code signed after July 10, 2012 one week from today, at 1:15 pm PDT on October 4. It is also publishing updates for existing software signed with it.

The certificate in question was for Adobe software on the Windows platform as well as three Adobe AIR applications (Adobe Muse, Adobe Story AIR, and desktop services) that run on both Windows and Mac OS. The revocation will thus not impact any other Adobe software for Mac or other platforms, according to Adobe, nor should customers notice anything out of the ordinary.

Adobe discovered the problem when it received two malicious utilities (pwdump7 v7.1 and myGeeksmail.dll) that were digitally signed using one of its certificates. While the company says both pieces of malware came from the same source, it can’t confirm that there aren’t more out there.