Adobe confirms critical PDF flaw, patch to arrive shortly
Adobe (NASDAQ: ADBE) says that it will issue an emergency out-of-band security patch to resolve a critical vulnerability in its Reader and Acrobat software. The release is currently scheduled for the week of August 16. First demonstrated at the Black Hat security conference last week, the flaw is an integer overflow in a component that parses fonts in Adobe's software.
Essentially, an otherwise normal PDF file containing a specially crafted TrueType font could cause memory corruption and the execution of arbitrary code. The bug was disclosed by well-known security researcher Charlie Miller, and an analysis of his findings can be found here (.pdf). Arbitrary code execution usually means that an attacker is able to inject and run malware of their choice on a target system.
Adobe has long been criticized for its poor track record in security, so what is surprising this time is how quickly the company seems to be moving to address the bug. Adobe has also hinted that the patch will fix additional vulnerabilities not uncovered by Miller. The company says that the next scheduled quarterly update on October 12 is unaffected.
Has security management truly changed for the better at Adobe?
For more on this story:
- check out this article at Computerworld
- check out this article at CNET News