Adobe Downplays Zero-Day Flaw
Brad Arkin explains why the company will not release a patch until Jan. 12.
We made major investments as part of our security initiative earlier this year that allow us to deliver patches more quickly. We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks. Unfortunately, this option would also negatively impact the timing of the next quarterly security update ... The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems ...
Until the update is available, Adobe has offered up a number of ways users can help mitigate the threat.