Earlier this week an allegedly Egyptian hacker calling himself ViruS_HimA hacked into an Adobe serverand stole more than 150,000 emails and encrypted passwords of Adobe employees and customers/partners of the firm including members of the US military, Google, Nasa and the UK government.
To validate his claim, ViruS_HimA published a limited set of records for users with email addresses ending in adobe.com, .mil and .gov.
Adobe said Wednesday it is investigating the release of 230 names, email addresses and encrypted passwords claimed to have been stolen from a company database.
The information was released on Tuesday on Pastebin by a self-proclaimed Egyptian hacker named "ViruS_HimA." The hacker, who claimed the database accessed holds more than 150,000 records, posted links to several websites hosting a text file with 230 records.
There is new vulnerability in Adobe X which helps to execute its own shellcode with help of malformed PDF-documents with specially crafted forms.
The vulnerability is also included in new modified version of "Blackhole Exploit-Kit”, which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software.
Adobe has posted an update to address vulnerabilities in its Flash Player media platform.
The company said that the update would address flaws in all versions of its online media playing tool, including Flash Player for Android 4.0.
Adobe announced new security features this week for its Reader and Acrobat XI products, including enhanced sandboxing, Force ASLR, PDF whitelisting, and Elliptic Curve Cryptography. In addition to a number of new features enhancing Reader's and Acrobat's PDF-creation capabilities, these security measures add another layer atop previous changes that have improved a once "widely exploited" app over the past two years.