DigiNotar, for those who may not know, is a Dutch security certificate provider. About two weeks ago, the certificate provider was hacked. The provider issued a fake certificate for Google. com and all of its subdomains, including Gmail. As a result, there were small attacks in the county of Iran based on the fake certificate. Later on Google and Mozilla blocked the entire certificate registry on their Internet browsers as a security precaution. Now Adobe is getting in on the action, and is preparing a patch for its Adobe Reader and Adobe Acrobat software, according to Ars Technica.
Last Thursday, Adobe announced it was in the process of removing the DigiNotar Qualified CA (certificate authority) from its Trust List. They also provided a way for users to remove the certificate manually if they wished to do so. Adobe on Friday issued another update stating that the patch would be released on September 13. Adobe said that there was evidence that the Qualified CA had been compromised, despite fake certificates having been issued only through the DigiNotar Public CA. Adobe also stated that:
We have delayed the removal of this certificate until next Tuesday (September 13) at the explicit request of the Dutch government, while they explore the implications of this action and prepare their systems for the change.
The patch, according to the security advisory, will apply to all versions of Adobe Reader and Adobe Acrobat 8.x or higher. The update is for both Windows and Mac versions of the software. Stay tuned for additional updates.
6 Comments - Add comment