Adobe published an advisory yesterday proposing a manual mitigation for zero-day exposures in its Reader and Acrobat products that are being exploited in the wild.
The exploit is the first sandbox escape in Adobe Reader X and above. FireEye, a security research company, which reported the exposure to Adobe on Tuesday, has issued additional details about the exploit calling it Trojan.666 based upon the name of an image base found in the attack.
Adobe mentioned there are two vulnerabilities (CVE-2013-0640 and CVE-2013-0641) involving Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. Active exploits are applying malevolent PDFs attached to phishing messages aiming to be a travel visa application called Visaform Turkey.pdf.