Shortly after, Adobe and Microsoft stated that the latter's EMET (Enhanced Mitigation Experience Toolkit) 2.0 could be used to mitigate the issue - which stemmed from a library that does not take advantage of address space layout randomisation (ASLR) plus the use of an old and deprecated string function - on Windows XP, Vista, Windows Server 2003 and 2008, and Windows 7. While the vulnerability is also present in the Mac and Unix versions of the software, there are no reports of exploits.
The company has now announced that an update is expected in the week of October 4. This update will be a slightly accelerated release of the quarterly update that was scheduled for October 12.
Adobe released out-of-cycle patches for Acrobat and Reader in August. As with the latest scare, the issue addressed at that time concerned font handling.
Adobe has also warned of a critical vulnerability in in Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux and Solaris, as well as Adobe Flash Player 10.1.92.10 for Android. Acrobat and Reader 9.3.4 and earlier versions are also affected.
Please read on for more on the Flash vulnerability.
Updates for Flash Player are expected during the week of September 27, with the corresponding fixes for Acrobat and Reader being delivered in the updates now planned for October 4.
Until then, the only mitigation suggested by Adobe is to keep anti-malware software up to date.