Adobe acknowledged that all versions of its popular PDF software, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities.
Proof-of-concept attack code for both bugs has already been published on the Web.
According to Lenoe, Adobe will patch Reader and Acrobat, though he did not spell out a timetable for the fixes. “We are working on a development schedule for these updates and will post a timeline as soon as possible,” he said.
If Adobe’s patching pace for the newest bugs matches that of the February incident, it should have a fix available during the week of May 18.
More information will be posted to Abobe’s security site as it becomes available, said Lenoe.