The PDF attack demonstrated by Belgian security researcher Didier Stevens that does not require an underlying vulnerability has Mickey Boodaei, CEO of security company Trusteer, concerned.
Computerworld quotes Boodaei as saying:
Didier's information is very clear, very easy to reproduce, and the attack seems to be very effective.
He believes that criminals will easily be able to replicate the attack and thinks Adobe should act quickly to address the issue:
Because of the huge distribution of their software, nearly 100 [percent] in some cases, they have to go through very extensive testing before releasing any fix to make sure it doesn't break the functionality.
Brad Arkin, Adobe's director for product security, says they are still evaluating. He did confirm that a fix for Stevens' attack approach won't be included in Adobe's update tomorrow.