Adobe plays down new flaw fears

By

Delays patch until next year.

Adobe has sought to explain to customers the reason for its delaying until mid-January the patch for a newly found critical vulnerability currently being exploited in the wild.

An Adobe security advisory said that the flaw, which V3.co.uk first reported on Tuesday, affects Adobe Reader and Acrobat 9.2 and earlier versions, and "could cause a crash and potentially allow an attacker to take control of the affected system".

In a blog posting yesterday, Adobe director of product security and privacy Brad Arkin tried to explain why the firm will not release a patch for the flaw until 12 January, even though it has admitted that there are reports of it currently being exploited.

He argued that, if the security team worked on an out-of-cycle update, it would take two to three weeks and "negatively impact the timing of the next quarterly security update".

"The team determined that, by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems, they could deliver the fix as part of the quarterly update on January 12 2010," he explained.

In the meantime, Adobe is recommending that customers either disable JavaScript in Reader and Acrobat or, for those running versions 9.2 or 8.1.7, to use the JavaScript Blacklist Framework.

Adobe plays down new flaw fears
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?