Adobe premieres a second Patch Tuesday each month to deliver fixes faster
Adobe will now issue security patches for its products twice as often to deal with the increasing pace of software vulnerability discovery and exploitation.
This follows Oracle’s decision to increase its quarterly patch program to a monthly one.
Adobe issues patches on the second Tuesday of each month, as do Microsoft and SAP. Starting in July, it will also issue them on the fourth Tuesday of each month, it said in a blog post.
As an early indicator of the need for the faster rhythm, it issued two security advisories dealing with a number of critical vulnerabilities on June 30 — the fifth Tuesday of that month: APSB 26-28 and APSB26-29. It is not alone in issuing out-of-sequence patches for urgent fixes: In April, Microsoft also released one to react to a particular threat.
Adobe said in a blog post that it is responding to the increased level of threats: “Twice-monthly bulletins will enable us to keep pace with the era of frontier AI. More vulnerabilities found means more fixes to deploy and a once-a-month publication window is no longer fast enough to stay ahead of our adversaries. This new cadence is the direct result of investing in improved vulnerability discovery.”
The new schedule will be effective from July 14 and will apply to every advisory that includes a formally published CVE requiring customer action.
This article first appeared on CSO.
Read more: Adobe premieres a second Patch Tuesday each month to deliver fixes faster