Google China hack exploited flaws in Adobe Acrobat and Reader


Google China hack exploited flaws in Adobe Acrobat and Reader

Warwick Ashford

The attempts to hack the Gmail accounts of human rights activists which sparked Google's threat to pull out of China, exploited flaws in Adobe Reader and Acrobat software.

The revelation by researchers at Verisign iDefence Security Intelligence Services came as Adobe released a critical security patch for both Reader and Acrobat.

Adobe has given no indication of whether the patch is related to the same flaws exploited in the recent attack against Google and more than 20 other large companies, including Adobe, in December.

The attacks were mainly on US technology, finance and defence industry firms with the aim of stealing intellectual property.

The Google attack was mainly aimed at getting information about human rights activists. It targeted an internal system the firm uses to comply with search warrants for data on Google users, said security firm Scansafe.

This industry targeting is not new, with malware attacks against 21 industry verticals recorded in 2008, Mary Landesman, senior security researcher at Scansafe said in a blog post.

Even mass-distributed malware becomes targeted once that malware gets into the corporate network, typically downloading a configuration file that specifies the information to be harvested from a particular organisation, she said.

Google is to hold talks with the Chinese authorities to see if the firm can continue providing search results in the country, but without censoring those results.

"We recognise that this may well mean having to shut down, and potentially our offices in China," Google lawyer David Drummond said in a blog post.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy