According to ZDNet,
Quote: "New PDFex attack can exfiltrate data from encrypted PDF files. All the 27 desktop and web PDF viewer apps that were tested were found to be vulnerable in a way or another."
And here is the culprit, from my point of view (emphasis mine):
Quote: "The research team says that an attacker can tamper with these unencrypted fields and create a booby-trapped PDF file that when decrypted and opened will attempt to send the file's content back to an attacker. (...) by adding a PDF form that auto-submits the PDF's content to an attacker's server when the victim decrypts and opens an encrypted PDF;"
A form control that auto-submits itself, how does that even pass through review in all PDF viewers out there? And how on earth is it possible that auto-submitting a form isn't disabled by default?
Just overnight, all those PDF viewers have become a liability to every (corporate or no) user on the planet. I hope someone sues their ass off because such an auto-submit behavior was and is irresponsible.
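
For mail-gateway or DLP triage of the auto-submit pattern quoted above, the following is an added example, not part of the original post or the ZDNet article. It assumes the standard PDF names /OpenAction, /AA, /SubmitForm, /Encrypt and /ObjStm (from the PDF specification, not from this page); the function names and verdict labels are hypothetical, and the sample bytes are constructed.

```python
import re

# Characters that terminate a PDF name, so /AA does not match /AAPL.
NAME_END = rb"(?=[\s()<>\[\]{}/%]|$)"

def decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx hex escapes so /Submit#46orm is seen as /SubmitForm.
    Applied to the whole buffer, which is acceptable for triage only."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def has_name(data: bytes, name: bytes) -> bool:
    return re.search(re.escape(name) + NAME_END, data) is not None

def triage(pdf: bytes) -> dict:
    """Flag a PDF that combines an automatic trigger with a form-submit action."""
    data = decode_name_escapes(pdf)
    encrypted = has_name(data, b"/Encrypt")
    # /OpenAction and /AA (additional actions) run without a user click.
    auto = has_name(data, b"/OpenAction") or has_name(data, b"/AA")
    submit = has_name(data, b"/SubmitForm")
    # Object streams hide dictionaries from a raw byte scan.
    opaque = has_name(data, b"/ObjStm")
    if submit and auto:
        verdict = "quarantine" if encrypted else "review"
    elif opaque:
        verdict = "inconclusive"   # hand over to a real PDF parser
    else:
        verdict = "pass"
    return {"encrypted": encrypted, "auto_trigger": auto,
            "submit_form": submit, "object_streams": opaque,
            "verdict": verdict}

# Constructed fragment (not a complete PDF): encrypted document whose catalog
# auto-runs an action with an obfuscated /SubmitForm name.
SAMPLE = (b"%PDF-1.7\n"
          b"1 0 obj << /Type /Catalog /OpenAction 5 0 R >> endobj\n"
          b"5 0 obj << /S /Submit#46orm >> endobj\n"
          b"trailer << /Root 1 0 R /Encrypt 9 0 R >>\n")

# Constructed benign fragment: no actions, no encryption.
BENIGN = b"%PDF-1.7\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(BENIGN))
```

A byte scan like this is a first-pass filter only; files that come back "inconclusive" need a full parse before they are released.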