Sophos principal virus researcher Vanja Svajcer praised Adobe, claiming that it was ‘obvious' that Adobe was doing more to address vulnerabilities found in its product, especially since it rolled out patches two weeks ahead of schedule earlier this week.
“This exploit is more complex than the usual exploits we have become used to in the last few years and it may mark a new trend in the direction of writing exploits and shellcode.”
He also commented that the high number of patched vulnerabilities indicates that it may be a good time for Adobe to go through a security push to overhaul the approach to building in security to their products.
The request was echoed by David Harley, director of malware intelligence at ESET, who claimed that Svajcer made a point ‘that's worth three hearty cheers and a quote'.
They said: “PDF is a great format for storing pieces of paper but it perplexes me why anyone would put anything interactive into a PDF and I am yet to encounter anyone doing so (which supports the case that these security-risky features are esoteric and should not be enabled by default, if included at all).“If you expect people to view a document on a computer screen, PDF is a stupid format to use. (Documents aimed at computer screens suffer from page breaks, headers, footers, stupid sized fonts, excessive margins, poor scrolling, zoom and selection mechanics… the list goes on.)”