Chat directly with me if you want. Go to my
Chat page to find a web messenger!
This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race started: The vendor has to develop a security update, the criminals try to exploit the vulnerability.
Part of the holy grail – so it seems – are these researchers being able to deliver a security update much faster than the vendor and the vendor then is immediately publically told that they fail. This is just happening now with Adobe: Unofficial fix brings temporary relief for critical Adobe vuln
Let me add a few thoughts on this:
Basically, it is a risk management decision, which should include at least the questions I raised above. Do not just run for the unofficial update – to me it should be really the last resort, if even!