Adobe today patched a critical vulnerability in its PDF viewing and editing software that hackers have been exploiting for more than two months.

The outfit has updated Adobe Reader and Acrobat 9.1 which it says fixes the recent JBIG2 security issue, including the 'no-click' variant of the vulnerability. David Lenoe, Adobe's security program manager, said in a post to a company blog very little else but hinted that the flaw might have become a bit of albatross for Adobe.

Newer exploits that do not rely on a user actually opening a malformed PDF file have been seen in the wild. According to Adobe, it first knew of the vulnerability January 16 when an unnamed partner provided it with an exploit snared in the wild.