It is being exploited in the wild. According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

“All currently supported shipping versions of Adobe Reader and Acrobat, [versions] 9.1, 8.1.4, and 7.1.1 and earlier, are vulnerable to this issue,” said David Lenoe, the company’s security ...

We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks.

Adobe, although they have admitted to the flaw, has not given a time line for fixing the affected applications with include Acrobat (Reader as well) 9.1, 8.1.4, 7.1.1 and earlier. Read more here ...

Adobe fixed multiple security vulnerabilities in both Reader and Acrobat 9 and X for Mac OS X and Windows. The company also added a new JavaScript whitelisting feature.