Adobe, although they have admitted to the flaw, has not given a time line for fixing the affected applications with include Acrobat (Reader as well) 9.1, 8.1.4, 7.1.1 and earlier.

According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the TechNote for more information.

Adobe fixed multiple security vulnerabilities in both Reader and Acrobat 9 and X for Mac OS X and Windows. The company also added a new JavaScript whitelisting feature.

The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.

Adobe's Acrobat and Acrobat Reader packages are currently under attack from a JavaScript-based exploit, similar to one which afflicted the software back in June.

Adobe patched its free Reader and commercial Acrobat software this week to plug the latest in what one researcher called an u201cepidemicu201d of JavaScript vulnerabilities.

All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not.

Adobe acknowledged that all versions of Reader and Acrobat contain at least one critical vulnerability.

Adobe is urging users of its PDF Reader and Acrobat software to install an update that fixes a couple of critical security holes in the products. The patches come amid news that booby-trapped PDF ...

Security firm Sophos has urged Adobe to disable Javascript by default in its PDF products, Adobe Reader and Adobe Acrobat. Sophos believes that Adobe needs to 'overhaul its approach to building ...