Nearly a week after an unidentified hacker posted attack code that exploits a flaw in Adobe's Illustrator software, the company says it will fix the issue by 8 January.
In a security advisory released Monday, Adobe confirmed that the attack affects versions 3 and 4 of its Illustrator Creative Suite software and said the flaw could give hackers a way to run unauthorised software on a victim's computer.
The attack code, posted last Tuesday, works when a victim opens a specially crafted Encapsulated PostScript (.eps) file in Illustrator. "Adobe categorises this as a critical issue and recommends that users avoid opening .eps files from unknown or untrusted sources in Illustrator until a patch is available," the company said.
"Adobe plans to make available an update to Adobe Illustrator to resolve the issue by January 8, 2010," the company added in a note on its website.
Meanwhile, both Adobe and Microsoft are scheduled to issue critical security patches on Tuesday. Adobe will fix critical flaws in Flash Player. Microsoft is set to fix 12 bugs in a variety of its products, including a critical flaw in Internet Explorer that was publicly disclosed a few weeks ago.