After confirming the existence of a zero-day vulnerability affecting its Reader and Acrobat software, Adobe said it plans to make available an update that will resolve the issue. The patch will come out sometime this week, though Adobe wasn't able to nail down a specific day.
"Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013," Adobe stated in an updated security bulletin.
The security hole in question is actively being exploited in the wild in targeted attacks designed to trick Windows users into clicking on malicious PDF files, Adobe confirmed last week. What's particularly frightening about this specific attack is that it's immune to Adobe's sandbox technology baked into later versions of Reader. The sandbox technology is supposed to keep attacks isolated from the operating system so that they can't do any real harm.
If you use Adobe Reader, it's recommended that you enable Protected View until a patch is released. You can do this by navigating to Edit > Preferences > Security (Enhanced) and selecting the "Files from potentially unsafe locations" option.
Just another day in the life of Adobe