Adobe announced this week that it had discovered a "critical vulnerability" in Adobe Reader X (10.1.1) and earlier versions, which could cause a crash and allow an attacker to take control of Windows, Mac OS X, and Unix systems. Adobe says there are reports of the vulnerability being actively exploited by hackers in the wild — the company credits Lockheed Martin and members of the Defense Security Information Exchange for reporting the issue, but it's not clear if they have been affected by it. While Adobe says that many versions of Adobe Reader and Acrobat are vulnerable, it notes that attacks thus far have specifically targeted Adobe Reader 9.x on Windows. Adobe's finalizing a fix for the issue and plans to update Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12th.
Adobe says you can protect yourself from potential attack by enabling Protected Mode for Reader X and Protected View for Acrobat X. Because of the availability of this workaround, Adobe has decided to focus on a Windows patch for 9.x versions first, and won't update Reader X and Acrobat X until the next quarterly update on January 10th.