Researcher warns of impending PDF attack wave

09.04.2010

Adobe has given the same explanation when saying it will not strip JavaScript functionality from PDF documents; over the last year, hackers have frequently exploited vulnerabilities in Reader's and Acrobat's implementation of that scripting language.

"I think Adobe should act quickly," said Boodaei, who then admitted that's unlikely. "Because of the huge distribution of their software, nearly 100% in some cases, they have to go through very extensive testing before releasing any fix to make sure it doesn't break the functionality."

Boodaei's bet? "I'm guessing that it will take them some time, unless they see an increase in attacks," he said.

And those attacks are coming. "We are seeing an increase in the sophistication of socially engineered attacks. They're becoming more and more common, especially in financially motivated attacks, whether on financial institutions or consumers," Boodaei said.

He wasn't optimistic about the ability of consumers to ward off the impending attacks. "For enterprises, it's probably easier, since security administrators can evaluate the threat on their networks and push out [Adobe's workaround] through a centralized system. But consumers will find it harder," said Boodaei.