Emailing "Adobe Should Fix Vulnerability Faster"
If you missed it, Adobe last week [admitted that Acrobat Reader is vulnerable](http://www.internetnews.com/security/article.php/3805446/Attack+Preys+on+New+Adobe+Acrobat+Vulnerability.htm) to an attack that exploits a buffer overflow to place a downloader on the victim's PC. The downloader can then download and install a keylogger or other malware.
The company is working with anti-virus vendors such as Symantec and McAfee but [announced](http://www.adobe.com/support/security/advisories/apsa09-01.html) that a patch will not be available until March 9 or 11.
Surely that's not good enough. High security enterprises [such as Wall Street firms](http://www.isp-planet.com/technology/2009/wsta+panel.html) already have systems in place that combat downloaders by restricting the access of every device on the network. Anyone with lesser security expects vendors to fix vulnerabilities quickly, initially with a patch that might disable some functionality, and then later with with a software upgrade.