VeriSign Inc. (NASDAQ:VRSN) has retracted its claim last week that a vulnerability in Adobe Systems Inc.’s (NASDAQ:ADBE) Reader software appeared to have resulted in the recent attacks against Google Inc. (NASDAQ: GOOG) and other companies.
In a statement issued last week, VeriSign’s iDefense security group said that it was retracting its earlier assessment. iDefense had stated that the attackers used malicious portable document format (PDF) attachments delivered via e-mail to break into Google and other companies. Mountain View, Calif.-based VeriSign, which makes secure sockets layer (SSL) and public key infrastructure (PKI) products, had suggested that a vulnerability in Adobe Reader appeared to have been exploited in the attacks.
“Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities,” the company said. “There are currently no confirmed instances of a vulnerability in Adobe technologies being used in these attacks,” the company said, adding that it is continuing to investigate the attacks.
Last week, Google said that it had been attacked by cyber adversaries apparently operating out of China. Since the company’s announcement, news has emerged of at least 34 other companies being targeted in similar attacks.
Though it was initially believed that the attackers used rigged PDFs to break into these companies, it was later revealed that the compromises had resulted from an unpatched vulnerability in Microsoft Corp.’s Internet Explorer (IE) software . Microsoft has confirmed the flaw and issued a security advisory warning users about it.