Wisniewski also noted that the Leadbetter exploit's stolen certificate had signed one component of the malware in 2009, a clue that the attack code, or at least part of it, had been circulating since then.
Of the 23 vulnerabilities patched today, 20, or 87% of the total, were tagged with the phrase "could lead to code execution" by Adobe in its accompanying bulletin.
Unlike some vendors, such as Microsoft, Adobe does not assign threat ratings to bugs in its products, but "code execution" means that attackers could exploit the flaws to hijack the computer.
Microsoft assigns the "critical" label to most, though not all, of its vulnerabilities that allow code execution.
Two of the remaining 23 bugs could be used to crash Reader or Acrobat, while the final vulnerability was a Linux-only issue that could result in an attacker gaining higher levels of access to a machine.
Nine of the 23 bugs were reported to Adobe by security engineers who work for Google -- Tavis Ormandy was credited with eight of those -- while three others were handed to Adobe by HP TippingPoint's Zero Day Initiative bug bounty program.
Also today, Adobe kicked off a series of technical blog posts about the "sandboxing" technology the company intends to add to the Windows version of Reader sometime this year.
Called "Protected Mode" by Adobe, the technology is designed to isolate processes from one another and the rest of the machine, preventing or hindering malware from escaping an application to wreak havoc or infect the computer.
Microsoft uses a similar technology in its Internet Explorer 7 (IE7), IE8 and IE9 browsers on Windows Vista and Windows 7; Google also relies on sandboxing to stymie attacks directed at or through the Chrome browser.
Adobe also announced that it will demonstrate Protected Mode later this month at its Adobe MAX 2010, which is slated to run Oct. 23-27 in Los Angeles.