























Adobe Reader zero-day attacks ongoing.
SOPA Images/LightRocket via Getty Images
Update April 11: Adobe has now confirmed that CVE-2026-34621, a critical vulnerability affecting users of Adobe Acrobat and Reader on both Windows and macOS platforms, is already being exploited by attackers. The exploit can lead to arbitrary code execution and requires no user interaction beyond opening a malicious PDF document. Adobe has advised that the security update should be installed within 72 hours.
The use of Adobe PDF documents in cybersecurity threats is far from uncommon; they represent a primary “malicious document” attack surface for those using social engineering tactics, for example. When it comes to zero-day exploits targeting the Adobe Reader used to view such files, however, that’s a different matter. So, when a security researcher reveals a “highly sophisticated, fingerprinting-style PDF exploit" being used against such a zero-day vulnerability, you need to take it seriously. Perhaps even more so when those attacks have been ongoing since December 2025.
ForbesNew Google Security Warning For Android 14, 15 And 16 Users—Update Now
A security researcher has confirmed that threat actors have been exploiting a zero-day vulnerability that exists within Adobe Reader, used to view Adobe PDF files, since at least December 2025. The critical vulnerability has now been comfirmed as CVE-2026-34621 by Adobe.
Haifei Li, best known for developing a sandbox-based exploit-detection platform called EXPMON, has warned that attackers are exploiting a “zero-day/unpatched vulnerability in Adobe Reader that allows it to execute privileged Acrobat Application Programming Interfaces, and it is confirmed to work on the latest version of Adobe Reader.”
The use of maliciously crafted Adobe PDF documents is, as mentioned previously, not exactly shocking nor new. Just ask Dropbox, Microsoft or PayPal users, and they will unhappily confirm that. This zero-day attack, however, isn’t reliant on a victim clicking a dodgy link in the PDF attachment, though. It’s much worse than that. The exploit “works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file,” Li warned.
ForbesAngry Hacker Drops Microsoft Zero-Day Exploit, 1 Billion Users WarnedBy Davey WinderAnother security researcher, posting on X as Gi7w0rm, said that it “seems to exploit part of Adobe Reader’s JavaScript engine,” and that the documents that have been seen to be used in attacks so far “contain Russian language lures and refer to issues regarding current events related to the oil and gas industry in Russia.”
I reached out to Adobe for a statement and advice for users, and a spokesperson confirmed that a security bulletin has now been added to address the vulnerability and that an update is now available for Adobe Acrobat and Reader for Windows and macOS.
Adobe security bulletin for CVE-2026-34621.
Adobe
The following products have updates available, and all have been given a priority one status by Adobe:
Users can update their software manually by choosing the Help|Check for Updates menu option. Adobe said that the software will “update automatically, without requiring user intervention, when updates are detected. “
As far as administrators in managed environments are concerned, Adobe recommended installing the updates “via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM for Windows, or on macOS, Apple Remote Desktop and SSH." Sorry to spoil your weekend folks.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。