Adobe Systems is prepping a patch for a zero-day bug affecting its Reader and Acrobat software for release by Jan. 12.
The vulnerability is considered critical by Adobe and impacts the latest versions of Adobe Reader and Acrobat for Windows, Macintosh and Unix systems. Earlier editions are affected as well. The company has not released much information about the bug, but it is known to be under attack via malicious PDF files.
“There are reports that this vulnerability is being actively exploited in the wild … Adobe recommends that you keep your anti-malware software and definitions up-to-date and monitor releases from your vendor about this issue,” Adobe Security Program Manager David Lenoe wrote on the company’s Product Security Incident Response Team blog Dec. 15.
Adobe has said it will patch another vulnerability in January as well. That bug impacts Adobe Illustrator CS4 and CS3, and can be exploited to execute code via a malicious Encapsulated PostScript file in Illustrator. Proof-of-concept exploit code has already been published on the Web.