Adobe delivers a patch for JavaScript-related PDF vulnerability

Adobe this week delivered a patch for a highly critical PDF vulnerability that's been hanging open since late April -- 14 days of potential mayhem, but a lot faster than their previous month-long delay on a critical-level hole earlier this year.

Though Adobe has denied knowledge of exploits in the wild for the problem, which stems from a JavaScript memory corruption error, at least one security firm says they're out there if you look. Speaking to SCMagazineUS.com, a representative of Arizona-based Lumension says the firm has spotted infected PDF files on China-based Web servers.

Tuesday was a trifecta of sorts for big updates, to the consternation of some IT managers scrambling to patch everything that needs patching. Microsoft's usual Patch Tuesday collection included one critical-level patch this month (in a set of 14 patches addressing various PowerPoint glitches), while Apple moved OS X 10.5.7 and Safari 3.2.3 as well as the year's second security update, addressing a whopping 67 issues.

The updates to Reader and Acrobat are available for the 7,8, and 9 Windows versions (through 9.1), and for the 8 and 9 versions on Macintosh and Unix; a second vulnerability related specifically to the Unix version of Adobe Reader. A patch for Mac versions of Reader 7 and Adobe 7 should be available before the end of June.