Adobe Downplays Zero-Day Flaw

According to, Adobe is downplaying the zero-day vulnerability that affects all versions of Acrobat and Reader on all platforms. In a blog post, Adobe director of product security and privacy Brad Arkin explains why the company will not release a patch for the flaw until Jan. 12:

We made major investments as part of our security initiative earlier this year that allow us to deliver patches more quickly. We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks. Unfortunately, this option would also negatively impact the timing of the next quarterly security update … The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems …

Until the update is available, Adobe has offered up a number of ways users can help mitigate the threat.

Latest Articles

Follow Us On Social Media

Explore More