Arkin added that rolling out two updates would prove more expensive and time-consuming for companies that need to apply the patches. I think that is actually the business’ decision and the real issue here is that Adobe started late on developing this patch. Connecting with legitimate security researchers should be a priority for Adobe in 2010. Given the number and frequency of serious vulnerabilities being found in Adobe’s products, monthly patch releases would be in order. It is almost 4 years to the day after Microsoft learned its painful lessons with the WMF vulnerability. Don’t leave customers defenseless against an in-the-wild exploit.
EDIT: There are reports that attackers are exploiting this unpatched flaw in Adobe Reader on an online comic strip syndication service. Hackers have also exploited a vulnerability on a movie review website to redirect visitors to a server containing a maliciously crafted PDF file. The attackers exploited a vulnerability in a PHP script on one of the movie site’s servers. The PDF file exploits two known and patched Adobe Reader vulnerabilities.