There was a lot of press Friday on a new “malformed PDF can crash Reader, potentially leading to foreign execution code”. Unfortunately, there was far more press text than source text. The Adobe Security team has better source info in this blogpost.
I do not know whether non-Adobe PDF renderers are vulnerable. I do know that folks within Adobe have agonized about the wait for public information disclosure, and that organizationally we’ll be able to move faster in the future, but (as the “disable JS” rumor showed) it’s vital to go past the surface issue to the root issue, and it’s vital to consult with industry partners to meaningfully improve the security situation.
Anyway, please accept my apologies for the delay, but solid info is now at hand. New software due in 14 days.