Questions and observations
The press release dated 27th September notes that:
"The revocation of the impacted certificate for all code signed after July 10, 2012 is planned for 1:15 pm PDT (GMT -7:00) on Thursday October 4, 2012."
So, the compromise of the cert occurred on 10th July, but they only discovered this by chance when some malware signed by an Adobe cert was submitted some months later. That's not exactly a shining example of security auditing, is it?
They also state that:
"We believe the threat actors established a foothold on a different Adobe machine and then leveraged standard advanced persistent threat (APT) tactics to gain access to the build server"
Apart from the weasel words (why can't they say "attackers" rather than "Threat Actors"), this suggests that a separate machine was compromised and used for some period of time before the compromise of the cert. Has that machine been isolated and what was the mechanism of access to that machine?
"Scrambling" (as per the article title) suggests a fast reaction. Good that they took immediate action upon validation of the compromised cert, but they don't say what date that was and they don't explain why it will take at least 7 days (27th Sept to 4th Oct) to revoke and implement a new Cert. Hardly seems to be "scrambling" when it takes 7 days...