The bug, first reported in an advisory on Security Focus, impacts all supported versions of Reader and Acrobat on the Windows, Macintosh and Linux platforms. Proof-of-concept code is circulating on the internet, but Adobe representatives said they are not aware of any in-the-wild exploits.
"We are working on a development schedule for these updates and will post a timeline as soon as possible," Adobe's David Lenoe said on the company's Product Security Incident Response Team blog.
"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."
Adobe representatives defended their stance, saying they did not want to reveal too much information to potential attackers.