Adobe Code-Signing Certificate Compromised

October 3, 2012 by Bruce Morton     No Comments

Adobe announced they received two malicious utilities signed by a valid Adobe code-signing certificate. The code-signing certificate was compromised though an attack on their code-signing system.

The code-signing certificate will be revoked on October 4, 2012, and will impact all code being signed after July 12, 2012. A supporting security advisory has been issued.

The compromise of the code-signing certificate does not impact Adobe Certified Document Services (CDS) or any root certificate in the CDS system. As such, there is no impact to customers who have purchased CDS signing certificates.

About

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.

Add to the Conversation