Tomorrow, Adobe will be releasing an Adobe Reader and Acrobat security update which will remove DigiNotar certificates from its trusted list. The update will be available for both Windows and Mac. Once installed,it will remove DigiNotar certificates from the Adobe Approved Trust List program’ or AATL. AATL basically is a program that allows users to create digital signatures so that a PDF signed with it is trusted whenever it is opened using Acrobat or Reader of version 9 and above.
This update is a result of the DigiNotar security breach in which a hacker supposedly generated hundreds of rogue SSL certificates. These certificates were used to spoof content, perform phishing attacks and more notably in man-in-the-middle attacks. All of the major browser vendors have now removed DigiNotar certificates from their trusted lists. Both Microsoft (Security Advisory 2607712) and Apple (Security Update 2011-005) have also released updates revoking trust of the DigiNotar certificates.
The Adobe update is rated as critical and it is recommended that all users of the aforementioned software install this update as soon as possible. The update can be downloaded from here once it is released. Adobe has also indicated that they will be enabling dynamic updates of AATL with a future update so that a user doesn’t have to manually install a patch to update the trusted list in scenarios like this.
In case you want to manually remove the DigiNotar certificates from AATL, instructions for both Adobe Reader and Acrobat can be found here.