Adobe Systems Inc. has acknowledged that all versions of its popular PDF software, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities.
Proof-of-concept attack code for both bugs has already been published on the Web.
According to Lenoe, Adobe will patch Reader and Acrobat, though he did not spell out a timetable for the fixes. “We are working on a development schedule for these updates and will post a timeline as soon as possible,” he said.
If Adobe’s patching pace for the newest bugs matches that of the February incident, it should have a fix available during the week of May 18.
Some security experts have urged users to switch PDF viewers. Finnish security company F-Secure Corp. repeated that recommendation today.
More information will be posted to Abobe’s security site as it becomes available, said Lenoe.