Adobe Downplays Zero-Day Flaw

Brad Arkin explains why the company will not release a patch until Jan. 12.

 By Kara Reeder
Page of   |  Back to Page 1
Print Article
According to V3.co.uk, Adobe is downplaying the zero-day vulnerability that affects all versions of Acrobat and Reader on all platforms. In a blog post, Adobe director of product security and privacy Brad Arkin explains why the company will not release a patch for the flaw until Jan. 12:

We made major investments as part of our security initiative earlier this year that allow us to deliver patches more quickly. We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks. Unfortunately, this option would also negatively impact the timing of the next quarterly security update ... The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems ...

Until the update is available, Adobe has offered up a number of ways users can help mitigate the threat.

This article was originally published on Dec 17, 2009
Get the Latest Scoop with Networking Update Newsletter