The configuration of the build server was not up to Adobe's corporate standards for a server of this nature, Arkin said. "We are investigating why our code-signing access provisioning process in this case failed to identify these deficiencies."

The misused code-signing certificate was issued by VeriSign on Dec. 14, 2010, and is scheduled to be revoked at Adobe's request on Oct. 4. This operation will impact Adobe software products that were signed after July 10, 2012.

"This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh," Arkin said.

Adobe published that lists the affected products and contains links to updated versions signed with a new certificate.

Symantec, which now owns and operates the VeriSign certificate authority, stressed that the misused code-signing certificate was entirely under Adobe's control.