ZDNet warns a new zero-day flaw in Adobe's Reader and Acrobat software is being exploited in-the-wild:
Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.
Here’s Adobe’s warning:follow Ryan Naraine on twitter
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system.There are reports that this vulnerability is being actively exploited in the wild.
Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.