A few days ago, we wrote about a zero-day Adobe Acrobat and Reader flaw, for which active exploits have been seen in the wild. Adobe has announced that they will patch this flaw with their next quarterly update, due to be issued on January 12. Why will it take them so long?
Computerworld looks at the question and talks to Brad Arkin, Adobe’s director for product security and privacy. Adobe, it seems, doesn’t have the manpower to push out a patch more quickly, and is worried about disturbing its quarterly patch cycle, the next release of which is due on January 12. Arkin gives all types of reasons why he thinks this is a good idea, but for users, its certainly not a good idea. It leaves tens of millions of computer users vulnerable to a vulnerability that is being exploited (though only on Windows computers for now) for nearly a month.