Adobe Says: "SUX 2B U"

"Adobe won't patch the newest critical vulnerability in its PDF viewing and editing software for another four weeks, even though attack code has been publicly released.

"In an update yesterday to the security advisory it issued Tuesday, Adobe set the patch date as Jan. 12, 2010, which is also the next regularly-scheduled quarterly security update for Adobe Reader and Adobe Acrobat. Most of the advisory was dedicated to confirming the bug -- which the company had first disclosed late Monday -- and providing instructions for blacklisting the JavaScript API call that contains the flaw.

"Other security experts have urged users to disable JavaScript in Reader and Acrobat to protect themselves until Adobe ships a fix."

From COMPUTERWORLD...