Last week, Adobe issued a security bulletin stating that a vulnerability could allow an attacker to take control of an affected system. Although an update is in the works, Adobe said in its bulletin that it is already in touch with anti-virus vendors to protect against this potential attack. A poisoned PDF file, sent to victims via email, could result in malware infestation, which could allow an attacker to take control over a system.

But unfortunately, according to Shadowserver.org, the vulnerability is already being exploited, so it’s not just a “potential” vulnerability. Shadowserver’s report says that it is being used in a small set of targeted attacks. In the attack, a PDF is sent to a victim and when it launches it installs a piece of malware on the system. According to the details, a malicious PDF out in the wild takes advantage of a vulnerability in a non-JavaScript function call, although the malicious PDF itself does contain JavaScript. This means that if it is practical to do so, the most immediate remedy–besides just not opening up strange PDF files that show up in your inbox–is just to disable JavaScript in the Adobe Acrobat reader, at least until Adobe comes out with a fix.

Disabling JavaScript in the reader is a simple process; just click on Edit, then Preferences, then JavaScript; and then uncheck the box that says “Enable Acrobat JavaScript.”

The Shadowserver entry mentioned a frightening scenario, and that is the likelihood of the exploit quickly going into “exploit packs” all over the Internet. Exploit packs are easily accessible and cheap packets sold to cybercriminals, which make committing Internet crimes more “user-friendly.”