Adobe promises patch for zero-day PDF bug by next Tuesday
That's also Microsoft's monthly patch day for May
Computerworld - Adobe has promised to patch the newest zero-day vulnerability in its popular Adobe Reader software no later than next Tuesday, potentially adding another update to the month's busiest patch day for the second time in three months.
May 12 is also Microsoft's regularly-scheduled monthly Patch Tuesday.
On Friday, Adobe's security team announced that it would issue updates to Adobe Reader and Acrobat -- versions 9.x, 8.x and 7.x for Windows, 9.x and 8.x for Mac and Linux -- by next Tuesday.
"Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix," he added, referencing a second bug that was reported last week. "This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate."
Adobe didn't complete its patching until March 24, when it delivered updates for Linux and Solaris, putting the bug's window of vulnerability at between 19 and 33 days. By comparison, if Adobe patches next Tuesday, the window for the newest flaw would be only 14 days.
We're continuing our work to be able to respond as diligently as possible when issues arise," Brad Arkin, Adobe's director of product security and privacy, said in an e-mail. "The timing of our planned product updates is based on this commitment."
"Their timing is the silver cloud," agreed Andrew Storms, director of security operations at nCircle Network Security Inc. "But it's difficult to see through that cloud."
Storms, who has been critical of Adobe's security process, remained so today. Not only has Adobe set the Reader patch for the same day that Microsoft will roll out it own fixes, but the paucity of information and the lack of security management tools from Adobe continues to frustrate Storms.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Cybersecurity Imperatives Reinvent Your Network Security With Palo Alto Networks The Rise of CyberSecurity
- 10 Things Your Next Firewall Must do Next-Generation Firewalls Defined
- Firewall Buyers Guide Operate as the core of your network security infrastructure
- Getting Started With a Zero Trust Approach to Network Security The Traditional Approach to Network Security is Failing. View Now>>
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts