According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

Adobe's Acrobat and Acrobat Reader packages are currently under attack from a JavaScript-based exploit, similar to one which afflicted the software back in June.

Adobe fixed multiple security vulnerabilities in both Reader and Acrobat 9 and X for Mac OS X and Windows. The company also added a new JavaScript whitelisting feature.

We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks.

Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.

3. Select the JavaScript Category 4. Uncheck the ‘Enable Acrobat JavaScript’ option 5. Click OK Better yet, consider using an alternative PDF reader, such as the free Foxit Reader.

Adobe acknowledged that all versions of Reader and Acrobat contain at least one critical vulnerability.

The issue is JavaScript and the way that Acrobat and Flash (the plug-in for Flash and Flash Player) handle it. They just do not do so very well at all. Because of this little problem arbitrary ...

Adobe is urging users of its PDF Reader and Acrobat software to install an update that fixes a couple of critical security holes in the products. The patches come amid news that booby-trapped PDF ...