surferdude
12-20-2009, 09:31 PM
Computerworld - Adobe chose to wait until mid-January to patch a critical PDF bug because issuing an emergency update would have disrupted its quarterly security update schedule, the company said today.
Unless users apply one of the workarounds that Adobe's suggested, the decision will leave systems open to attack until Jan. 12, when the patch is released (http://www.computerworld.com/s/article/9142388/Adobe_won_t_patch_latest_PDF_zero_day_until_Jan._12). According to several security firms, the flaw has been in use by criminals since at least Nov. 20. Adobe only found out Monday (http://www.computerworld.com/s/article/9142280/Adobe_probes_new_in_the_wild_PDF_bug) that the vulnerability in its Reader and Acrobat applications was being actively exploited.http://www.computerworld.com/s/article/9142479/Adobe_explains_PDF_patch_delay
Unless users apply one of the workarounds that Adobe's suggested, the decision will leave systems open to attack until Jan. 12, when the patch is released (http://www.computerworld.com/s/article/9142388/Adobe_won_t_patch_latest_PDF_zero_day_until_Jan._12). According to several security firms, the flaw has been in use by criminals since at least Nov. 20. Adobe only found out Monday (http://www.computerworld.com/s/article/9142280/Adobe_probes_new_in_the_wild_PDF_bug) that the vulnerability in its Reader and Acrobat applications was being actively exploited.http://www.computerworld.com/s/article/9142479/Adobe_explains_PDF_patch_delay