Adobe wrote, "We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011."
The patch will address a U3D memory corruption vulnerability that could cause a crash and allow an attacker to take remote control of the affected machine.
The vulnerability is currently being exploited in limited, targeted attacks in the wild. So far the primary targets have been computers belonging to defense contractors.
Although the vulnerability affects multiple versions of Acrobat & Reader across multiple platforms (Windows, Mac & UNIX), Adobe focused on releasing a fix for Acrobat 9.x and Reader 9.x on Windows first, since those are the versions actively being targeted.
“We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.”
Users with Adobe Reader X & Adobe Acrobat X can use the Protected View feature to view PDFs safely until the fix is released in January.
Feel free to check out the updated advisory.