Adobe Systems Inc. is warning about a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10. Researchers said they have uncovered attacks in the wild in which malicious Acrobat PDF files are exploiting a vulnerability in Flash and dropping a Trojan onto computers.
“The authors of the exploit have managed to take a bug and turn it into a reliable exploit using a heap spray technique,” Patrick Fitzgerald(Symantec Security) said.
Adobe doesn’t offer any mitigation tips, probably because it is still checking this out, but… it seems adobe knew about this since December, but no one knows how it is a zero-day bug if the exploit was developed around 2 weeks ago and why not fix this.
There seems to be a never ending train of issues with both Flash and Acrobat/Reader.