Adobe has set a May 12 date for the delivery of patches to cover a critical zero-day vulnerability in its Reader and Acrobat 9.1 software products. An official security advisory from Adobe confirms the severity of the vulnerability and reiterates the advice for users to turn off JavaScript as a temporary measure to avoid code execution attacks. However, customers have started to grumble that Adobe s mitigation is difficult to implement and, even worse, useless in corporate environments. The vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.
Source: https://threatpost.com/businesses-struggle-adobe-pdf-security-advice-050509/72616/