Multiple Adobe Products Code Signing Certificate Revocation

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-34012	2012-B-0100	SV-44465r2_rule	ECMT-1 ECMT-2 VIVM-1	High

Description
Adobe has released a series of updates in preparation for the revocation of a compromised code signing certificate. The updates apply to various Adobe products and each will require different actions to ensure the affected software is updated with new digital certificates. Adobe is aware of at least two malicious utilities that were signed using the Adobe code signing certificate. As a result, Adobe is taking these actions to maintain trust in genuine Adobe software.<br><br> At this time, Adobe is aware of malicious utilities signed by compromised code signing certificates. USCYBERCOM is unaware of any DoD related incidents.<br><br>

Description

Adobe has released a series of updates in preparation for the revocation of a compromised code signing certificate. The updates apply to various Adobe products and each will require different actions to ensure the affected software is updated with new digital certificates. Adobe is aware of at least two malicious utilities that were signed using the Adobe code signing certificate. As a result, Adobe is taking these actions to maintain trust in genuine Adobe software.<br><br> At this time, Adobe is aware of malicious utilities signed by compromised code signing certificates. USCYBERCOM is unaware of any DoD related incidents.<br><br>

STIG	Date
BlackBerry Playbook OS (NEA mode) Security Technical Implementation Guide (STIG)	2013-03-14

Details

Check Text ( None )
None

Fix Text (None)
None