The other day, Adobe announced it had discovered a vulnerability in its Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild, and assured users the company was investigating the issue. The good news is that Adobe's security team has finished the investigation. And the bad news? You'll have to wait until at least January 12, 2010 -- the targeted ship date -- to receive a patch.
According to Adobe, it considering stopping everything else and working immediately on an out-of-cycle security update with a one-off fix, but because that would still take between two and three weeks, doing so would knock off the timing of its next planned quarterly security update. So instead the fix will be rolled into the code branch for the next quarterly update.
Foxit , anyone?