You know those annoying reminders you keep getting from Adobe to update your Acrobat or Flash software? Now would be a good time to pay attention to them. Brian Krebs at KrebsOnSecurity.com discovered last week that computer criminals had gained access to Adobe’s servers and stolen a treasure trove of data from the firm. Credit card data belonging to roughly 3 million consumers was taken, though it was encrypted. More important, the hackers stole the source code for many Adobe products, which gives them an incredible leg up in the race to find software flaws that can be exploited.
Source code is the key to finding so-called “zero-day” exploits — software flaws that are unknown to the rest of the world, and unpatched, so they can be exploited at will.
Adobe software is ubiquitous, on almost every personal computer and work desktop. The potential consequences are enormous.
“This opens up organizations and consumers to major threats,” said George Tubin, senior strategist at Trusteer, a security firm owned by IBM. “Having access to the source code provides attackers with the opportunity to uncover new unknown vulnerabilities and develop malware that exploits these vulnerabilities. With organizations being unable to detect and patch for these unknown vulnerabilities, every time an employee opens a PDF or a Flash movie, the organization is at risk of a breach of its sensitive and proprietary information.”
Adobe said it plans to release a major security update on Oct. 8. You’d be wise to install it ASAP. I’ll remind you.
Adobe’s statement about the attack is here.