Adobe issued a preliminary security advisory advising customers to watch out for the updates, which are scheduled for December 8. It also provided a heads-up on its Adobe Product Security Incident Response Team (PSIRT) blog. The update will be listed as critical, it advised.
This has been a particularly bad week for Adobe. The PSIRT also confirmed reports of a security vulnerability in the Adobe Illustrator product. "We are currently investigating this issue and will have an update once we have more information", the team had said on Friday. "It appears that this issue would require a local user to take the action of opening a malicious .eps file in Illustrator." It resolved to patch that security flaw today.
Adobe products have been the subject of considerable scrutiny in the past few months, and the company has been forced to issue several security updates to fix critical vulnerabilities that have resulted in zero-day attacks. In October, a zero-day exploit affecting Adobe Reader and Acrobat was discovered. In February, another security problem was found in those products. Attackers were exploiting those security issues with malicious PDF files.
In May, a zero-day exploit was found to be targeting a vulnerability in the Adobe Flash player. Another was found in July.
In late September, Adobe joined the Software Assurance Forum for Excellence in Code (SAFECode), a nonprofit organization that aims to increase user trust in information technology products using software assurance techniques.