The bug, which can be exploited using a specially crafted TrueType font, allows arbitrary code execution. According to Miller, Adobe first learnt of the vulnerability from Google security engineer Tavis Ormandy. "Apparently @taviso previously reported to Adobe the Reader 0-day I dropped at BH. Haha, ruined his effort at trying to be responsible," Miller quipped in a tweet on Tuesday.
Tavis Ormandy was recently in the crosshairs after he went public with a critical vulnerability in Windows' HCP protocol only a few days after notifying Microsoft about it.
Adobe is often maligned for the number of vulnerabilities in its software. Of course, one could argue that the prevalence of Adobe software has made it one of the most targeted third-party software vendors and that there is little it can do to change that, but the fact is that the San Jose-based company has been leisurely in addressing security concerns.