New Adobe PDF flaw under attack; Patch coming Tuesday

Adobe has confirmed a critical, unpatched vulnerability in its PDF Reader/Acrobat software is being exploited by malicious attackers.
Written by Ryan Naraine, Contributor

The vulnerability affects Adobe Reader and Acrobat 9.1.3 and earlier versions on Windows, Macintosh and UNIX. Adobe described the in-the-wild attacks as limited and targeted, suggesting PDF documents rigged with exploits are being attached to e-mails and sent to business targets.

The exploit only targets Adobe Reader and Acrobat 9.1.3 on Windows.

Adobe's advisory offers some mitigations:

Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with anti-virus and security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.

[SEE: MS Patch Tuesday heads-up: 13 bulletins, 34 vulnerabilities ]

Adobe plans to ship a patch for this flaw next Tuesday, the same day Microsoft will release 13 bulletins to cover 34 Windows vulnerabilities.

This Adobe Patch Day is part of the company's Adobe Reader and Acrobat quarterly security update schedule.
