Adobe's recent patch for Acrobat addresses a vulnerability deemed zero-day by researchers but lacks emphasis on its PoC exploit, raising concerns about sysadmin prioritization.
Despite a CVSS score of 7.8 indicating 'high' severity, Adobe classifies the vulnerability as 'critical', which may mislead sysadmins about its urgency and potential impact.
Expmon expressed frustration that Adobe did not release a timely patch despite having identified the issue months earlier, indicating a secondary fix is now necessary.
Researcher Haifei Li warns that the existence of a proof-of-concept exploit poses a serious risk, mandating quick action from system administrators to patch Acrobat effectively.
[
Collection
]
[
|
...
]