Another Adobe Reader Zero-Day Attack
Wednesday December 16, 2009 at 9:31 am CST
Posted by Micha Pekrul
Adobe just posted a new Security Advisory (APSA09-07, CVE-2009-4324) for the latest critical vulnerability in Adobe Reader and Acrobat 9.2 (and earlier). The flaw lies within a JavaScript function specific to the PDF Reader. Adobe plans to release a patch by January 12, 2010, to resolve the issue. The zero day is already being exploited in targeted attacks. A Twitter post indicates that an exploit module has also been added to the Metasploit framework, so it’s only a matter of days until this exploit becomes widespread, as the various exploit toolkits are “enhanced” with support for this latest vulnerability.
The screenshot below illustrates the inner workings of one such malicious PDF file, showing the JavaScript obfuscation layer on top of the actual exploit code.

McAfee customers are protected through both the DATs (as “Exploit-PDF.ag” in 5834) and through Gateway Anti-Malware (“BehavesLike.PDF.Suspicious.Z”). If you don’t really need JavaScript in PDF documents (and if you do, please leave a comment on this blog; we’re curious to know), you can mitigate this issue until the patch is available next year by disabling JavaScript in Adobe Reader and Acrobat, as described in the Adobe Security Advisory.

December 20th, 2009 at 07:02
[...] Adobe PDF – Zero Day attack circulating http://www.adobe.com/support/security/advisories/apsa09-07.html http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/ [...]
December 21st, 2009 at 14:15
I’d go for the static PDF. Already disabled JS.