The Internet Storm Center at the SANS Institute has posted a diary entry about a newly discovered security vulnerability in Adobe’s Reader and Acrobat software, which is apparently being actively exploited. Adobe has issued a Security Advisory, but they have not provided much in the way of details so far. The flaw is apparently triggered by a maliciously-crafted PDF file; so far, it has been seen as an attachment to a phishing E-mail, hawking a method to improve your golf score: “David Leadbetter’s One Point Lesson”. This particular example of the exploit apparently causes Acrobat or Reader to crash, and then opens a dummy file. The vulnerability apparently exists on all versions of the software, including 9.3.4, the most current, on all platforms (MAC OS X, Windows, and UNIX/Linux).
I will post updated information here as I learn of it.