Adobe has warned about a zero-day vulnerability that is being exploited in the wild. According to Adobe, the problem is caused by a U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system.
It has been used in attacks on targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac.
“We are in the process of finalising a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011,” Adobe’s advisory reads.