News

Google China hack exploited flaws in Adobe Acrobat and Reader

The attempts to hack the Gmail accounts of human rights activists which sparked Google's threat to pull out of China, exploited flaws in Adobe Reader and Acrobat software.

The revelation by researchers at Verisign iDefence Security Intelligence Services came as Adobe released a critical security patch for both Reader and Acrobat.

Adobe has given no indication of whether the patch is related to the same flaws exploited in the recent attack against Google and more than 20 other large companies, including Adobe, in December.

The attacks were mainly on US technology, finance and defence industry firms with the aim of stealing intellectual property.

The Google attack was mainly aimed at getting information about human rights activists. It targeted an internal system the firm uses to comply with search warrants for data on Google users, said security firm Scansafe.

This industry targeting is not new, with malware attacks against 21 industry verticals recorded in 2008, Mary Landesman, senior security researcher at Scansafe said in a blog post.

Even mass-distributed malware becomes targeted once that malware gets into the corporate network, typically downloading a configuration file that specifies the information to be harvested from a particular organisation, she said.

Google is to hold talks with the Chinese authorities to see if the firm can continue providing search results in the country, but without censoring those results.

"We recognise that this may well mean having to shut down Google.cn, and potentially our offices in China," Google lawyer David Drummond said in a blog post.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy