Adobe

Advanced hackers have broken into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware.

As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files, Brad Arkin, senior director of product security and privacy, said in a Thursday blog post.

Adobe today launched the first products and services in its Edge suite of HTML5 development tools. Adobe Edge Animate 1.0 aids Web developers and designers in the creation of animation and interactive content; Edge Inspect (formerly called Shadow) provides simultaneous cross-mobile-device previewing and debugging. The third product to go live today was Edge Web Fonts, a new font service offering more than 500 free fonts including two new ones from Adobe.

Attackers are targeting a patched bug in Adobe Flash Player spread via malicious Microsoft Word documents.

The attacks are focused on CVE-2012-1535, a remote code execution vulnerability that impacts Windows, Macs and Linux systems. Adobe Systems patched the flaw Aug. 14 in a regular security update.

Adobe has released yet another security update for Flash Player, to address a new set of six vulnerabilities that even affect the company's most recent patch that was issued just last week.

We announced last November that we are focusing our work with Flash on PC browsing and mobile apps packaged with Adobe AIR, and will be discontinuing our development of the Flash Player for mobile browsers. 

Cyber-spies have planted Java- and Flash-exploiting malware on web sites focused on human rights, defence and foreign policy. Over the last two weeks, the Shadowserver Foundation, a nonprofit group that tracks internet threats, has discovered several such compromised web pages that download the malware through visitors' browsers. The malware, which exploits known flaws in Adobe Flash and Java, is aimed at Mac and Windows systems.

Late last week, Adobe set off a bit of a kerfuffle when it announced that three of its applications suffered from serious security flaws. They offered readers a simple fix: pay to upgrade to the latest version. Considering the latest version of the company's Creative Suite was less than a week old at the time, this represented both an extremely short period of support for the previous generation of software, and an extremely high price to fix a set of potential vulnerabilities. The move was widely panned by both security experts and Adobe customers. 

A critical security flaw that has been affecting Adobe's Flash Player application now has an update from the software company towards remedying the problem. Actually the flaw had been enabling hackers to exploit it so users could be deceived into taking down malware while browsing in IE (Internet Explorer) that too was getting impacted. Redorbit.com published this on May 6, 2012.

A Flash vulnerability that's being exploited by hackers, to gain control of victims' machines, is the target of a security update released over the weekend by Adobe.

"There are reports that the vulnerability is being exploited in the wild, in active targeted attacks, designed to trick the user into clicking on a malicious file delivered in an email message," Adobe said in a security bulletin.

Today is a big day for Adobe. Not only is the company officially unveiling the next versions of virtually all of the applications in its Creative Suite, but Adobe is also launching its Creative Cloud online offerings.