DigiNotar fallout: Adobe to release patches

DigiNotar, for those who may not know, is a Dutch security certificate provider. About two weeks ago, the certificate provider was hacked. The provider issued a fake certificate for Google.com and all of its subdomains, including Gmail. As a result, there were small attacks in the country of Iran based on the fake certificate. Later on, Google and Mozilla blocked the entire certificate registry in their Internet browsers as a security precaution. Now Adobe is getting in on the action and is preparing a patch for its Adobe Reader and Adobe Acrobat software, according to Ars Technica.

Last Thursday, Adobe announced it was in the process of removing the DigiNotar Qualified CA (certificate authority) from its Trust List. They also provided a way for users to remove the certificate manually if they wished to do so. Adobe on Friday issued another update stating that the patch would be released on September 13. Adobe said that there was evidence that the Qualified CA had been compromised, despite fake certificates having been issued only through the DigiNotar Public CA. Adobe also stated that:

We have delayed the removal of this certificate until next Tuesday (September 13) at the explicit request of the Dutch government, while they explore the implications of this action and prepare their systems for the change.

The patch, according to the security advisory, will apply to all versions of Adobe Reader and Adobe Acrobat 8.x or higher. The update is for both Windows and Mac versions of the software. Stay tuned for additional updates.


6 Comments


worst thing is they got hacked 2-3 months ago, not 2 weeks ago. diginotar just kept it silent.
it also affected all the dutch governmental websites -.-'

Shadowzz said,
worst thing is they got hacked 2-3 months ago, not 2 weeks ago. diginotar just kept it silent.
it also affected all the dutch governmental websites -.-'

Thanks for the info. Earliest I could find mention of it was 2 weeks ago

>Later on Google and Mozilla blocked the
Microsoft is not worth mentioning? IE was immune from the attack as soon as the breach was discovered and certificates revoked.
And where is the beloved Apple? They were slowest to react and they still haven't patched iOS.

CAs are not a good solution. Self signed cert warnings that new browsers have are annoying as heck. I'd like to see the CA system completely reworked.

ObiWanToby said,
CAs are not a good solution. Self signed cert warnings that new browsers have are annoying as heck. I'd like to see the CA system completely reworked.

I agree. The system does have flaws.