At almost the same time as Google was telling the world that attacks it believed to have originated from China had targeted its systems, Adobe made a brief statement saying that it too had been on the receiving end of a “sophisticated, co-ordinated attack”.
Presently it is not believed that any customer, financial, employee or any other sensitive data was compromised during the attack, which Adobe became aware of on January 2nd.
According to the company – which makes the ubiquitous PDF reader and Flash plug-in software used by many millions of computers around the world – other unnamed companies were also affected by the attack, which has been dubbed “Operation Aurora” by security experts.
There has been some confusion (documented by Brian Krebs on his blog) about whether the Adobe attack was connected with the targeted attack on Google that has made front page headlines around the globe.
Initially, Adobe’s spokesperson Wiebke Lips told Krebs that it was “just a bad coincidence” that news of the Google and Adobe attacks came out on the same day.
However, the charmingly-monikered Ms Lips subsequently did an about-face telling ComputerWorld that the incidents were related after all.
Speculation is sure to grow in the computer security community that the attackers were using boobytrapped PDF files that exploited unpatched zero-day vulnerabilities in Adobe Reader to gain control over corporate computers.Follow @gcluley