Adobe Says It Is Breaking Ties To DigiNotar

Software giant Adobe said on Thursday that it was removing DigiNotar’s Qualified CA certificate from the Adobe Approved Trust List (AATL), according to a company blog post.

The move would affect Adobe Reader and Adobe Acrobat versions 9 and X. It is just the latest move by major software vendors to break ties to the compromised Dutch certificate authority, which was found to have unwittingly issued hundreds of fraudulent certificates in the names of prominent organizations in recent months.

In a post on the company’s Product Security Incident Response Team (PSIRT) blog, Adobe said it hoped to have implemented the change by Friday. The company provided instructions for removing DigiNotar certificates from the Approved Trust List manually. Those instructions are available on the PSIRT blog.

Software vendors including Microsoft, Google and The Mozilla Foundation moved to break trust with DigiNotar’s compromised certificate authorities almost immediately after word of a fraudulent certificate for Google.com issued by DigiNotar broke on August 27th. Both companies have taken additional steps since then to expand the reach of their bans as more information about the extent of the breach has been made public. Specialty browser makers like The Tor Project have responded in a similar fashion.

On Thursday, Mozilla asked all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates, Threatpost reported.
