It’s a zero-day vulnerability in Adobe’s ubiquitous PDF offering that can cause computers to shut down or be taken over by hackers. Adobe has acknowledged the threat, but says a patch won’t be coming for almost a month. eSecurityPlanet explains the delay.
Adobe this week acknowledged that a new PDF zero-day vulnerability is causing computers running its Reader and Acrobat applications to shut down and potentially be usurped by hackers.
But the software developer won’t be offering the appropriate patches until Jan. 12.
In an advisory posted Tuesday on its Web site, Adobe officials said they’re aware that this “vulnerability is being actively exploited in the wild.”
Adobe (NASDAQ: ADBE) is recommending that customers use the JavaScript Blacklist Framework functionality, which is detailed in the advisory, or that they simply disable JavaScript in versions of both applications to “mitigate” the vulnerability until it releases the fixes during its regularly scheduled quarterly security update on Jan. 12.
The reason for the delay?