Adobe has confirmed FireEye researchers' findings about new Adobe Reader and Acrobat zero-day vulnerabilities being exploited in the wild and has issued a security bulletin detailing the flaws and offering mitigation advice until a patch is released.
AlienVault Labs researchers have unearthed a piece of malware that takes advantage of the recently discovered zero-day Adobe Reader flaw used for attacking defense contractors.
Adobe has issued new versions of Reader and Acrobat, patching 14 vulnerabilities.
Critical vulnerabilities have been identified in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 (and earlier 9.x versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. In addition to addressing CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog ("Potential issue in Adobe Reader"), these updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-26. Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now.