Today Adobe released a patch for two critical vulnerabilities (CVE-2013-0640 and CVE-2013-0641) that are already being exploited by attackers. Adobe released version 11.0.02 of its Adobe Reader and Adobe Acrobat Pro applications.
Vulnerabilities affect Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems.
"These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system." security advisory reads.
Exploits were discovered by security company FireEye and researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox.