Adobe’s PSIRT team is reporting a zero day exploit for one of their products. This software vulnerability affects Adobe Acrobat and Adobe Reader 9.2 and earlier. PSIRT is reporting the vulnerability is actively exploited being in the wild.
The NVD Database has more information on this vulnerability: CVE-2009-4324
Until Adobe patches this vulnerability, do not open or accept any PDF files from sources you do not know or can fully trust. SANS is also talking about a workaround, but I have not seen Adobe confirm this workaround yet.
January’s patch Tuesday will mark Adobe’s quarterly update release. I expect them to patch this vulnerability at that time and highly doubt they will release a patch before then.
- Jason Miller
