That exploit is indeed legendary but the code execution involved is not JavaScript. In fact the iOS PDF renderer does not have JavaScript enabled.
Obviously a skill issue; a true hacker would re-enable it.