Security firm FireEye reports that it has uncovered a PDF zero-day that is currently being exploited in the wild. The warning covers Adobe PDF Reader v9.5.3 for Windows, Macintosh and Linux, Reader X v10.1.5 for Windows and Macintosh, and Reader XI v11.0.01 for Windows and Macintosh.
According to the report, this exploit drops two DLLs upon successful exploitation, one of which displays a fake error message and opens a decoy PDF document. The second DLL drops the callback component which talks to a remote domain.
"We have already submitted the sample to the Adobe security team," the firm stated on Wednesday in a blog post. "Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files. We will continue our research and continue to share more information."
FireEye said that it has been working with Adobe and that the two have jointly agreed to refrain from posting the technical details of the zero-day. Adobe also reports that it is currently investigating this report and assessing the risk to its customers.
"We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information," Adobe added.
FireEye's latest report arrives just after the discovery of two Flash Player zero-days that were being exploited in spear-phishing campaigns. One attack relied on SWF Flash files embedded in Microsoft Word documents. A second attack, focused on Mac users, hosted malicious Flash files on a website. Adobe issued a Flash Player update on Tuesday that added a Click to Play anti-spear-phishing feature.
"The two exploits have been assigned CVE-2013-0633 and CVE-2013-0634. It is highly recommended that you apply this patch right away, as this threat is active in the wild," FireEye said.