Vendor retracts claim of Adobe flaw's part in Google attack

A vendor that earlier this week claimed that a vulnerability in Adobe Reader appeared to have resulted in the recent attacks against Google and other companies has retracted that claim.

In a statement issued this afternoon, Verisign's iDefense security group said that it was retracting its earlier assessment. iDefense had stated that the attackers used malicious PDF file attachments delivered via e-mail to break into Google and other companies. The company had suggested that a vulnerability in Adobe Reader appeared to have been exploited in the attacks.

"Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities," the company said. "There are currently no confirmed instances of a vulnerability in Adobe technologies being used in these attacks," the company said, adding that it is continuing to investigate the attacks.

Earlier this week, Google said that it had been attacked by cyber adversaries apparently operating out of China. Since the company's announcement, news has emerged of at least 34 other companies being targeted in similar attacks.

Though it was initially believed that the attackers used rigged PDFs to break into these companies, it was later revealed that the compromises had resulted from an unpatched vulnerability in Microsoft's Internet Explorer (IE) software . Microsoft has confirmed the flaw and issued a security advisory warning users about it.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld . Follow Jaikumar on Twitter at @jaivijayan , send e-mail to or subscribe to Jaikumar's RSS feed .


Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon