Adobe To Release Patch For Zero Day Exploit This Week
"Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013," Adobe stated in an updated security bulletin.
The security hole in question is actively being exploited in the wild in targeted attacks designed to trick Windows users into clicking on malicious PDF files, Adobe confirmed last week. What's particularly frightening about this specific attack is that it's immune to Adobe's sandbox technology baked into later versions of Reader. The sandbox technology is supposed to keep attacks isolated from the operating system so that they can't do any real harm.
If you use Adobe Reader, it's recommended that you enable Protected View until a patch is released. You can do this by navigating to Edit > Preferences > Security (Enhanced) and selecting the "Files from potentially unsafe locations" option.
Just another day in the life of Adobe, really.