It was the second time in four weeks that Adobe had found a “zero-day” flaw in its software.
The hole was in Reader and Acrobat which includes code that renders Flash content inserted into PDF files.
When the last patch was issued, on April 15, Adobe said it would fix Reader and Acrobat around April 25.
In fact it managed this three days early.
The flaw was found by Mila Parkour, who said that poisoned PDFs carry filenames that tout information about China, Russia, the Obama administration and the Middle East.
They appear to be attached to messages from editors at the New York Times. They were sent from servers in Utah and China.
The hole does not effect Adobe Reader on Android.