Adobe is investigating the illegal access of source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products by an unauthorized third party. Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident.
Adobe thanks Brian Krebs, of KrebsOnSecurity.com, and Alex Holden, chief information security officer, Hold Security LLC. holdsecurity.com for their help in our response to this incident.
We are not aware of any zero-day exploits targeting any Adobe products. However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products.
For more information on Acrobat security, please visit the Acrobat Developer Center.
For more information on ColdFusion 10 security, please visit the ColdFusion Developer Center.
Brad Arkin
Chief Security Officer