Adobe is in damage control mode as the company aims to contain the risk from a compromised code signing certificate. The compromise is forcing the company to revoke the certificate.
“Adobe is aware at this time of two malicious utilities from a single source that appeared to be digitally signed using a valid Adobe code-signing certificate,” Adobe warned in an advisory issued late Thursday.
The two malicious utilities are pwdump, which can be used to extract passwords from Windows, and myGeeksmail, which is a malicious ISAPI filter.
How It Happened
As to how the Adobe certificate was compromised, Brad Arkin, senior director of Product Security and Privacy at Adobe, noted in a blog post that Adobe identified a compromised build server with access to the Adobe code signing infrastructure.
According to Arkin, the compromised build server’s configuration was not up to Adobe corporate standards.