Adobe: Hang Tight, We'll Fix Things Next Month

Paul Lilly

The other day, Adobe announced it had discovered a vulnerability in its Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild, and assured users the company was investigating the issue. The good news is that Adobe's security team has finished the investigation. And the bad news? You'll have to wait until at least January 12, 2010 -- the targeted ship date -- to receive a patch.

According to Adobe, it considering stopping everything else and working immediately on an out-of-cycle security update with a one-off fix, but because that would still take between two and three weeks, doing so would knock off the timing of its next planned quarterly security update. So instead the fix will be rolled into the code branch for the next quarterly update.

But don't worry, says Adobe, because introduced in Adobe Reader and Acrobat versions 9.2 and 8.1.7 with the quarterly update in October is a JavaScript Blacklist mitigation feature. This allows "administrators of larger enterprise managed desktop environments to easily disable access to individual JavaScript APIs."

Foxit , anyone?

Around the web

by CPMStar (Sponsored) Free to play

Comments