Adobe has released a security bulletin to patch a “critical” code execution flaw affecting the ubiquitous PDF Reader and Acrobat software.
However, the patch is only available for Adobe Reader 9 and Acrobat 9. Earlier versions of the software are affected by the vulnerability — and in the wild attacks — but Adobe says those fiixes are delayed for at least another week.
From Adobe’s bulletin:
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. This issue is remotely exploitable. There are reports that this issue is being exploited.
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make available Adobe Reader 9.1 for Unix by March 25.
More coverage at Techmeme.