According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

Adobe fixed multiple security vulnerabilities in both Reader and Acrobat 9 and X for Mac OS X and Windows. The company also added a new JavaScript whitelisting feature.

Adobe is investigating new reports that hackers are attacking a previously unknown bug in the latest version of the company's Reader and Acrobat software.

We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks.

Adobe acknowledged that all versions of Reader and Acrobat contain at least one critical vulnerability.

To disable JavaScript, select Edit > Preferences and then pick the JavaScript category. There, users can uncheck the “Enable Acrobat JavaScript” choice.

The issue is JavaScript and the way that Acrobat and Flash (the plug-in for Flash and Flash Player) handle it. They just do not do so very well at all. Because of this little problem arbitrary ...

To disable JavaScript, users are advised to select the JavaScript category under the Edit:Preferences tab and uncheck the "Enable Acrobat JavaScript" option.