Adobe announced a patch to fix a critical security hole in Flash Player will be released today, but unfortunately users of Adobe Reader and Acrobat will have to wait until June 29 to get the fix.
This evening, we updated APSA10-01 for CVE-2010-1297 to include the target ship schedules for the security updates for Adobe Flash Player, Adobe Reader and Acrobat. The security update for Flash Player will be available by June 10, 2010. The security update for Adobe Reader and Acrobat will be available by June 29, 2010.
The June 29, 2010 security update for Adobe Reader and Acrobat represents an accelerated release of the next quarterly security update originally scheduled for July 13, 2010. In addition to addressing CVE-2010-1297, the accelerated next quarterly Adobe Reader and Acrobat update will also resolve a number of responsibly disclosed vulnerabilities. The full details will be in the Security Bulletin and Release Notes we will publish when the security update is posted.
Among other options, we also considered the alternative of releasing a one-off 0-day fix followed a couple of weeks later by the July 13 quarterly update. However, two patches within three weeks would have incurred too much churn and patch management overhead on our users, in particular for customers with large managed environments.