Adobe did not set a timetable for shipping a patch, but earlier last week Arkin boasted that the company's security team had met a self-imposed 15-day rush patch deadline several times last year. If the company again meets that deadline, it will deliver a fix no later than June 19.
In the meantime, Reader and Acrobat users can protect themselves by deleting or renaming authplay.dll. Doing so, however, means that opening a PDF file containing Flash content will crash the software or produce an error message.
Flash Player 10.1 Release Candidate, which can be downloaded from Adobe's site, "does not appear to be vulnerable," Adobe said, implicitly urging users to shift to the unfinished software.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org .
Read more about applications in Computerworld's Applications Topic Center.