DigiNotar Hack: Adobe set to patch Acrobat and Reader tomorrow

Adobe logo  Tomorrow,  Adobe will be releasing an  Adobe Reader and Acrobat  security update which will remove DigiNotar certificates from its trusted list. The update will be available for both Windows and Mac. Once installed,it will remove DigiNotar certificates from the Adobe Approved Trust List program’ or AATL. AATL basically is a program that allows users to create digital signatures so that a PDF signed with it is trusted whenever it is opened using Acrobat or Reader of version 9 and above.

This update is a result of the DigiNotar security breach in which a hacker supposedly generated hundreds of rogue SSL certificates. These certificates were used to spoof content, perform phishing attacks and more notably in man-in-the-middle attacks. All of the major browser vendors have now removed DigiNotar certificates from their trusted lists. Both Microsoft (Security Advisory 2607712) and Apple (Security Update 2011-005) have also released updates revoking trust of the DigiNotar certificates.

The Adobe update is rated as critical  and it is recommended that all users of the aforementioned software install this update as soon as possible. The update can be downloaded from here once it is released. Adobe has also indicated that they will be enabling dynamic updates of AATL with a future update so that a user doesn’t have to manually install a patch to update the trusted list in scenarios like this.

In case you want to manually remove the DigiNotar certificates from AATL, instructions for both Adobe Reader and Acrobat can be found here.

Published by

Nithin Ramesh

Nithin is a blogger and a Windows security enthusiast. He is currently pursuing Bachelors in Electronics and Communication. Apart from technology his other interests include reading and rock music. His Twitter handle is @nithinr6