According to Zscaler's most recent “State of the Web” security research report, 56.46% of enterprise users running Adobe Reader have outdated version installed, making them susceptible to client-side exploitation kits courtesy of web malware exploitation kits such as the Blackhole Exploit Kit which targets vulnerabilities in Adobe Reader and Java.
“Patching and updating is key to security as many attacks now target outdated plug-ins. In fact, recent large hacks making headlines are thought to have been performed by compromising just one plug-in in an enterprise,” said Michael Sutton, VP security research at Zscaler .
Not surprisingly, cybercriminals are quick to adapt. Thanks to the modular nature of web malware exploitation kits, they can add exploits targeting a particular exploitation vector at any time. In this case, Adobe Reader will be exploited "in between" the rest of the client-side exploits available at the disposal of the malicious attacker.