and Oracle Join the Fray

While Adobe and don't follow the same security update and patch release cycle as Microsoft, both coincidentally released critical updates of their own today.

Adobe published a quarterly patch which that has been actively exploited in-the-wild since the holidays. As a temporary workaround, Adobe has recommended being exploited.

nCircle's Storms noted "Once considered the safest document format, Adobe PDF has fallen prey to a rash of serious security threats. After a solid year of security issues, Adobe's product security and secure product development practices are being seriously questioned. It's ironic to consider that we may have reached the point where Microsoft Office documents are now more secure than PDF documents."

Storms also commented on the recommended workaround from Adobe "Part of the controversy surrounding this vulnerability has been the mitigation advice from Adobe that included the recommendation to disable JavaScript. The security issues surrounding JavaScript and Adobe have left a lot of people wondering why JavaScript is included in Adobe's PDF products at all."