Adobe says it has now patched the flaw behind the exploit that was used to target Lockheed Martin and many other companies. The flaw also exists in the latest version of Reader and Acrobat 10, but that version’s “Protected Mode” feature prevents the exploit from succeeding. Reader X and Acrobat X will be addressed in their next quarterly security update, on January 10th, 2012. Support for version 8 expired a month ago, which left version 9 as the only release that Adobe needed to patch urgently.
From today’s security bulletin:
There have been reports of two critical vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. These vulnerabilities (CVE-2011-2462, referenced in Security Advisory APSA11-04, and CVE-2011-4369) could cause a crash and potentially allow an attacker to take control of the affected system.
Today’s updates address these vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. Adobe recommends users of Adobe Reader 9.4.6 and earlier 9.x versions for Windows update to Adobe Reader 9.4.7. Adobe recommends users of Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows update to Adobe Acrobat 9.4.7.
You can update by using the auto-update tool inside the software or by downloading the patch from the Adobe FTP site (Reader/Acrobat). Of course, it might be a good time to move to version 10 if you have no other constraints.