A zero-day exploit for Acrobat and Reader won't be fixed until the middle of next month, Adobe has said.
Rather than develop an immediate fix, the company will simply include it as part of its regular patching cycle, due 12 January.
On its security blog, Adobe said it considered the best route to take, saying it could "stop everything else and start work immediately on an out-of-cycle security update to resolve this vulnerability with a one-off fix."
But that update would take two to three weeks. "Unfortunately, this option would also negatively impact the timing of the next quarterly security update for Adobe Reader and Acrobat scheduled for January 12, 2010," the firm said.
Instead, the fix will arrive with the regular patches.
Adobe noted that there are other security fixes in the patch that it wants to get out on schedule."The delay an out-of-cycle security update would force on the regularly scheduled quarterly release represents a significant negative," it said.
"Additionally, an informal poll we conducted indicated that most of the organizations we talked with were in favor of the second option to better align with their schedules," it added.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Vulnerability management complexity is leaving enterprises at serious riskNews Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realmWhitepaper A guide for MSPs to unleash modern security
-
Why zero trust strategies failIn-depth Zero Trust is the gold standard for organizations in protecting systems from cyber attacks, but there are many common implementation pitfalls businesses must avoid
