NY daily news:Adobe Joins Microsoft with 'Patch Tuesday'

Adobe has announced a series of measures to improve security throughout the company's products and practices.

Growing out of a threat landscape that has brought unwelcome attention to Adobe Reader and Acrobat from malicious actors across the Internet, the company months ago began a 3-pronged approach to improving the safety of their software:


3. Adopting the same patch day as Microsoft's is a deliberate policy adopted with the encouragement of customers and it's easy to see why: Customers are geared up on that day to evaluate vulnerabilities and update software. By joining in on the same day they make things easier for their customers. Many companies have snuck in updates on Patch Tuesday before, including Adobe this month, but Adobe is the first company to do so as a policy. I wouldn't be surprised if this turns into a trend.


These goals are all good news for all of us because it's true that PDF has become one of, if not the top attack target on the Internet. The 3 approaches all will help to reduce the attack surface of that target, If I have any advice for them beyond them it would be to guide development in the future in order to increase opportunities for practical mitigation of known vulnerabilities without having to go to the extreme of disabling JavaScript.