Adobe Reader Zero Day Under Attack on Windows
There are reports that the zero day flaw is being actively exploited in the wild with targeted attacks against Adobe Reader 9.x for Windows. However, the flaw itself impacts a broader range of Adobe products, including Adobe Reader X (10.1.1) and earlier versions for Windows and Mac OS X, Adobe Reader 9.4.6 and earlier for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Mac OS X.
According to Adobe, a successful exploit of the vulnerability could cause the target system to crash, or potentially allow the attacker to take control of the compromised PC.
Adobe is making it a priority to develop an out-of-band patch for Adobe Reader and Adobe Acrobat 9.x for Windows. The patch is expected no later than next week (the week of December 12).
An Adobe ASSET (Adobe Secure Software Engineering Team) blog post explains, “The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows.”
There is no imminent threat to the other flavors of Adobe Reader or Acrobat, so Adobe plans to issue patches for those as a part of the next scheduled quarterly update—which will occur January 10, 2012. There are no reports of any malicious PDFs targeting Mac OS X or Unix flavors of Adobe Reader or Acrobat, and Adobe Reader X and Acrobat X for Windows operate in a sandboxed protective mode that would prevent any exploit from executing.
As per usual, Adobe is a little light on specifics, and does not provide much guidance in terms of mitigating factors or workarounds to protect vulnerable systems pending the patch. Suffice it to say you should be extra careful about opening any PDF file that is unsolicited or seems in any way suspicious.