Adobe Downplays Zero-Day Flaw

By Kara Reeder | Dec 17, 2009 | Print this Page
According to V3.co.uk, Adobe is downplaying the zero-day vulnerability that affects all versions of Acrobat and Reader on all platforms. In a blog post, Adobe director of product security and privacy Brad Arkin explains why the company will not release a patch for the flaw until Jan. 12:

We made major investments as part of our security initiative earlier this year that allow us to deliver patches more quickly. We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks. Unfortunately, this option would also negatively impact the timing of the next quarterly security update ... The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems ...

Until the update is available, Adobe has offered up a number of ways users can help mitigate the threat.