Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025.
CVE-2026-34621 is a critical prototype pollution vulnerability – a type of vulnerability that occurs in JavaScript and allows attackers to add or modify an application’s JavaScript objects and properties.
CVE-2026-34621 can lead to arbitrary code execution in the context of the current user, but it cannot be triggered remotely.
“Exploitation of this issue requires user interaction in that a victim must open a malicious file,” the vulnerability’s NVD entry states.
Its in-the-wild exploitation was flagged by security researcher Haifei Li, after someone submitted a malicious PDF sample to EXPMON, a publicly available system for detecting advanced file-based exploits.
The analysis of that and another related malicious PDF file revealed that, once opened, they would “fingerprint” the underlying system and send the information to a command and control (C2) server operated by the attackers.
The exploit can also launch additional exploits received from the C2 server but Li was unable to trigger this step.
An analysis by malware researcher Giuseppe Massaro has shown that both malicious PDFs contained text in Russian related to gas supply disruption and emergency response.
Adobe has addressed CVE-2026-34621 across several product versions:
The company recommends admins to install the update as soon as possible.
If immediate patching is not feasible, Li and Massaro say that users should be instructed not to open PDF files sent by untrusted parties, and security teams should monitor endpoints for specific changes and block all http/https traffic that has the “Adobe Synchronizer” string in the User Agent field.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。