Adobe won’t fix zero-day exploit until mid-January

Adobe has decided to delay rolling out a fix to a security hole in Reader and Acrobat until 12 January.

Earlier this week Adobe admitted that a flaw in Reader and Acrobat had been exploited in the wild. The hole allows a malicious PDF to execute code, even on fully-patched versions of Adobe’s software.

In an update posted on the Adobe Secure Software Engineering Team blog, the company says it’s decided to wait and address the bug in its next quarterly security update, rather than rush out a fix beforehand.

“The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems, they could deliver the fix as part of the quarterly update on 12 January 2010,” the blog states.

Adobe claims that dropping everything and working on an immediate fix for this latest hole could delay the regular quarterly update, creating further problems. “We estimated that delivering an out-of-cycle update would require somewhere between two and three weeks,” Adobe claims. “Unfortunately, this option would also negatively impact the timing of the next quarterly security update for Adobe Reader and Acrobat scheduled for 12 January 2010.”

“The delay an out-of-cycle security update would force on the regularly scheduled quarterly release represents a significant negative,” the company adds. “Additionally, an informal poll we conducted indicated that most of the organisations we talked with were in favour of the second option, to better align with their schedules.”
