iDefense Putting Speculations to Rest

Much of the media coverage earlier this week suggesting Adobe software may have been a vector used in the recent attacks against Adobe and other companies was based on information provided by iDefense. Today, iDefense provided the following statement:

“In iDefense’s press announcement regarding the recently discovered Silicon Valley compromises, we stated that the attack vector was likely “malicious PDF file attachments delivered via email” and suggested that a vulnerability in Adobe Reader appeared to have been exploited in these attacks. Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities. There are currently no confirmed instances of a vulnerability in Adobe technologies being used in these attacks. We continue to investigate this issue.”