A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions.
The company has claimed that the vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system; with reports made that this issue is being exploited already.
Adobe has categorised this as a critical issue and has recommended that users update their virus definitions and exercise caution when opening files from untrusted sources. It is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue and expects to make an update available for Adobe Reader 9 and Acrobat 9 by the 11th March. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.
“While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public. As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners.”