Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.
The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.
The exploit only targets Adobe Reader and Acrobat 9.1.3 on Windows.
Adobe's advisory offers some mitigations:
Adobe plans to ship a patch for this flaw next Tuesday, October 13, 2009.