The company said that it had received reports of attacks targeting a previously unknown flaw in both Adobe Reader and Acrobat.
When exploited, the flaw allows an attacker to remotely execute code on a targeted system.
The issue is believed to effect version nine and earlier of both Acrobat and Reader. According to security firm Shadowserver, the vulnerability exists in the way both programs handle JavaScript within PDF files.
The infected files trigger a memory buffer overflow, which in turn allows the attacker to remotely execute code on the targeted system.
"Right now we believe these files are only being used in a smaller set of targeted attacks," wrote researcher Steven Adair.
"However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet".
Adobe said that users should expect to see a fix for the vulnerability by March 11.
In the meantime, researchers at both Shadowserver and the US Computer Emergency Response Team recommend that users disable the ability for documents to execute Javascript code in both Acrobat and Reader through the application's preference panel.
_(22).jpg&h=140&w=231&c=1&s=0)
_(20).jpg&h=140&w=231&c=1&s=0)
_(26).jpg&w=100&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
