Adobe zero-day patch won't arrive until 12 January
A recently revealed security flaw in Adobe products won't be patched until mid-January to avoid delaying the firm's regular updates.
A zero-day exploit for Acrobat and Reader won't be fixed until the middle of next month, Adobe has said.
Rather than develop an immediate fix, the company will simply include it as part of its regular patching cycle, due 12 January.
On its security blog, Adobe said it considered the best route to take, saying it could "stop everything else and start work immediately on an out-of-cycle security update to resolve this vulnerability with a one-off fix."
But that update would take two to three weeks. "Unfortunately, this option would also negatively impact the timing of the next quarterly security update for Adobe Reader and Acrobat scheduled for January 12, 2010," the firm said.
Instead, the fix will arrive with the regular patches.
Adobe noted that there are other security fixes in the patch that it wants to get out on schedule."The delay an out-of-cycle security update would force on the regularly scheduled quarterly release represents a significant negative," it said.
"Additionally, an informal poll we conducted indicated that most of the organizations we talked with were in favor of the second option to better align with their schedules," it added.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now