Typically, an out-of-band patch update is a rare event that is reserved for severe and risky zero-day flaws, but that’s not quite what is going on with the new Adobe update.
The CVE-2014-8439 vulnerability was actually first mitigated during Adobe’s regular patch Tuesday update on Oct. 14. Adobe spokesperson, Heather Edell told eWEEK that that October update included a proactive mitigation, which typically is not assigned a common vulnerabilities and exploits, or CVE, number. “We were later notified that there was an attack in the wild, and we identified that the proactive mitigation was blocking this attack,” Edell said. “Since there was a specific attack in this area, we added further mitigations in today’s release.”