The release of the recent Flash update has resulted in providing a template for attackers to exploit a 0day in Acrobat and Reader. Adobe's pre-announcement states they attend to make the update available February 16, 2010.
Users should make sure that Preview.app is the default application for PDF files. There is very little reason to use Acrobat Reader for PDF files. In addition users should install Click to Flash which is available for Safari and Chrome. If you update to he latest Beta of Chrome you can install Extensions, one which we like is Flash Block which as the name suggest blocks Flash content.
The lesson is there is always residual and new risk in any update cycle, your process and policies should deal with this risk. Information Assurance is all about risk management.
drStrangeP0rk
Good news everyone, Adobe has released an update to Acrobat Reader and Acrobat. Users should visit the following link or select check for updates under the Help menu in Reader/Acrobat.
http://www.adobe.com/support/security/bulletins/apsb10-07.html