惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
Apple Machine Learning Research
Apple Machine Learning Research
月光博客
月光博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
美团技术团队
WordPress大学
WordPress大学
F
Fortinet All Blogs
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
云风的 BLOG
云风的 BLOG
F
Full Disclosure
博客园 - 三生石上(FineUI控件)
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
博客园 - 【当耐特】
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Blog — PlanetScale
Blog — PlanetScale
V
Visual Studio Blog
P
Proofpoint News Feed
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
L
LangChain Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
Secure Thoughts
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Heimdal Security Blog
W
WeLiveSecurity
Cloudbric
Cloudbric
N
News and Events Feed by Topic
Last Week in AI
Last Week in AI
N
News and Events Feed by Topic
G
Google Developers Blog
Attack and Defense Labs
Attack and Defense Labs
Google Online Security Blog
Google Online Security Blog
S
Security Affairs
S
Security @ Cisco Blogs
雷峰网
雷峰网
有赞技术团队
有赞技术团队
Webroot Blog
Webroot Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
C
Cyber Attacks, Cyber Crime and Cyber Security
Spread Privacy
Spread Privacy
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Engineering at Meta
Engineering at Meta
P
Palo Alto Networks Blog
D
DataBreaches.Net
Application and Cybersecurity Blog
Application and Cybersecurity Blog

The Register - Software: OSes

Fedora: Microsoft is all aboard, but Deepin is dumped Microsoft promises to do better, but it has a long way to go First big Microsoft update after vow to 'win back fans' Who needs ghost train scares when Windows is such a fright? Microsoft boss tells investors the company is working to 'win back fans' Microsoft boss says company is working to 'win back fans' Linux cryptographic code flaw offers fast route to root Fedora 44 is out – countless versions of it Microsoft sets its sights on the past with 86-DOS and PC-DOS Microsoft updates the Windows Update Experience Windows second-chance setup hurts IT, productivity Ubuntu Resolute Raccoon drops Xorg, keeps X11 apps alive More ancient Linux device support facing the ax WSL9x hacks Linux into ancient Windows 9x systems UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Zorin OS 18.1 released - and the Lite edition reappears Task Manager's CPU%: an obituary for the recent past Linux 7.1 will have an optional new NTFS driver Microsoft releases Windows Server update to fix April update 20-year-old Enlightenment E16 bug finally gets patched 20-year-old Enlightenment E16 bug finally gets patched Raspberry Pi OS ends open-door policy for sudo Firefox Nightly adds Web Serial after years of saying no Windows Update: Torture chamber for seldom-used PCs Windows Update: Torture chamber for seldom-used PCs Notepad loses Copilot icon as Microsoft gives subtlety a try Notepad loses Copilot icon as Microsoft gives subtlety a try Microsoft attempts to untangle Windows Insider program NHS pays £46K to prep next Microsoft licensing round Linux 7.0 debuts as Linus Torvalds ponders AI's impact Linux 7.0 debuts as Linus Torvalds ponders AI's impact Red Hat RHELocates its Chinese engineering team to India Showing the Windows 10 desktop was the yeast they could do Apple's chips are winners, but Windows fails help it most The end of Linux i486 support looks nigh The end of Linux i486 support looks nigh Windows asks a networking question on a Stratford billboard Some 'broken by update' PCs were already doomed SystemRescue 13 lands with Linux 6.18 and bcachefs support Memo: Red Hat Global Engineering plans to lean in to AI Microsoft plans another out-of-band Windows fix Ubuntu beta arrives with GNOME 50, sans Google Drive support Ubuntu beta arrives with GNOME 50, sans Google Drive support Microsoft pulls Windows update after installation problems Microsoft pulls Windows update after installation problems Microsoft cracks down on old Windows kernel drivers Microsoft cracks down on old Windows kernel drivers Linux kernel czar says AI bug reports aren't slop anymore How Windows 95 fought off badly behaved installers Open source isn't a tip jar – it's time to charge for access Age checks creep into Linux as systemd gets a DOB field Systemd-free antiX 26: Debian 13, in bonsai form Systemd-free antiX 26: Debian 13, in bonsai form Windows boss promises to heal the operating system's wounds Windows boss promises to heal the operating system's wounds Smart TVs and voice assistants are the next gatekeepers Microsoft releases emergency fix for account internet error Microsoft releases emergency fix for account internet error Microsoft: Removing some Copilots will improve Windows 11 WSL, WINE updates speed cross-OS app performance MS update kills Microsoft account sign-ins in Windows 11 GNOME 50 debuts with X11 axed, Wayland front and center Microsoft publishes a workaround for Samsung's C:\ drive woes Systemd 260 kills SysV, tells AI not to misbehave Out-of-band getting out of hand as Microsoft pushes hotpatch for Bluetooth Microsoft pushes out-of-band hotpatch for Bluetooth Big moves in Linux filesystems as new bcachefs lands and KDE adds support for Apple's APFS Age verification isn't sage verification when it's inside operating systems Age verification isn't sage verification inside OSes Microsoft points at Samsung after Galaxy app bug locks users out of C:\ RAM is getting expensive, so squeeze the most from it Nanny state vs. Linux: show us your ID, kid Smart mirror shows dumb Windows in elevator Microsoft adding Xbox mode to Windows 11 – even the Professional edition DR-DOS rises again – rebuilt from scratch, not open source Hotpatching goes default in Windows Autopatch whether you like it or not Hotpatching goes default in Windows Autopatch Linux PC vendor System76 tries to talk Colorado down over OS age checks System76 tries to talk Colorado down over OS age checks US state laws push age checks into the operating system Microsoft finally gets around to fixing Windows 10 Recovery Environment after breaking it in October BunsenLabs Carbon keeps the CrunchBang flame alive with Debian 13 Bootleg Windows, Office scheme crashes, triggers 22-month lockup for Florida woman
Adobe finally patches PDF pest after months of abuse
Carly Page Carly Page · 2026-04-13 · via The Register - Software: OSes

OSes

Reader and Acrobat flaw let booby-trapped documents profile targets and hijack machines

Adobe has released a fix for an Acrobat and Reader zero-day that attackers had been exploiting for months.

The patch, shipped on April 11, addresses CVE-2026-34621, a critical vulnerability in Acrobat and Reader on Windows and macOS that can lead to arbitrary code execution. That's the polite way of saying a booby-trapped PDF could hand over the keys to the machine just by being opened.

In its advisory, Adobe says it is "aware of CVE-2026-34621 being exploited in the wild," which is doing a fair bit of reputational cleanup in a single sentence. Until now, there had been no public acknowledgment from the company that the bug even existed, let alone that attackers were actively using it.

The patch arrived a couple of days after external reporting put the campaign in the spotlight.

Malicious documents used heavily obfuscated JavaScript running through legitimate Acrobat APIs to gather system information from the host. Based on what it found, the malware could then decide whether to escalate, pulling down a second-stage payload capable of remote code execution or breaking out of Reader's sandbox.

Some targets were left with nothing more than a fingerprinting pass, while others were lined up for deeper compromise. That kind of triage suggests a campaign with specific interests rather than opportunistic spam, which lines up with the lures researchers observed. Some of the documents were written in Russian and referenced oil and gas sector themes, hinting at a more targeted victim pool without quite pointing a finger at who might be behind it.

According to researchers, evidence suggests the malicious activity stretches back to at least late 2025, giving attackers a comfortable runway of several months. During that time, the exploit blended into normal Reader behavior, sidestepping traditional defenses that are tuned to spot known signatures or obvious misbehavior.

The patch closes the hole, but it does not rewind the clock. Anyone who opened a malicious PDF during that window may already have been profiled or worse, depending on how interesting they looked to the attacker. Adobe has not said how many users might have been affected, how the flaw was discovered internally, or why acknowledgment lagged behind public reporting. The company still hasn't responded to The Register's questions.

Adobe may have closed the door, but not before plenty had already walked through it. ®