OS/Platform/Application:

Adobe Reader
Adobe Acrobat
(on Windows, Mac, and UNIX systems)

Category: ALERT
Severity: HIGH
Attention: Reader/Acrobat users, System Administrators, Desktop Support Personnel.

Summary: Adobe systems inc has released a security advisory for a critical vulnerability in its popular Reader and Acrobat products.  Adobe Reader and Acrobat handle Portable Document Format (.PDF) files which are commonly found on numerous websites and attached to email documents, etc.  At the time of this writing (7:50 AM 10/9/09) no patch is available from the vendor to address this issue.  Adobe systems is acknowledging that this vulnerability is currently being actively exploited on the public Internet.

Recommended Actions: Adobe systems is reporting that a fix for the vulnerability will be released on October 13.  Reader and Acrobat users should update their software when the fix ix made available. In the meantime, users are encouraged NOT to handle .PDF documents from untrusted sources or websites, or to consider using another product for handling such files.

Readers are encouraged to share this alert with family, friends, and associates.

ITS Actions: N/A

Resources:

Adobe PSIRT Blog entry on vulnerability:
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html