Yesterday a security researcher disclosed a vulnerability in Adobe Reader that allows malicious code to be executed.[1. http://www.theregister.co.uk/2010/08/04/critical_adobe_reader_vuln/ ] The vulnerability has been confirmed by Adobe’s senior director of product security and privacy. “Key to the decision is determining whether there are enough details available from Miller’s talk for the vulnerability to be exploited in real-world attacks.” Apparently there are enough details out there as a patch is planned for the week of August 16th.
You can read more of the details at Adobe’s Security Bulletin for the vulnerability and the Adobe PSIRT blog.
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010.
There are no known exploits of this vulnerability in the wild at this time. The next quarterly update for Adobe Acrobat and Reader is scheduled for October 12th.