Adobe published an advisory yesterday recommending a manual mitigation for zero-day vulnerabilities in its Reader and Acrobat products that are being exploited in the wild.
The exploit is the first sandbox escape in Adobe Reader X and above. FireEye, a security research company that reported the vulnerability to Adobe on Tuesday, has issued additional details about the exploit, calling it Trojan.666 based on the name of an image base found in the attack.
Adobe said it is working on an emergency patch for the popular document reader. In the meantime, it urges users to enable the product’s Protected View feature, which is off by default.
Adobe said there are two vulnerabilities (CVE-2013-0640 and CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. Active exploits use malicious PDFs attached to phishing messages, purporting to be a travel visa application called Visaform Turkey.pdf.