
Adobe patches exploited PDF zero-day after months of attacks

Summary

– Adobe has patched a vulnerability (CVE-2026-34621) in its Acrobat and Reader apps that hackers have been actively exploiting for months.
– The flaw allows attackers to remotely install malware by tricking users into opening a malicious PDF file on Windows or macOS.
– The vulnerability was a zero-day, meaning it was exploited in the wild before Adobe could release a fix.
– Security researcher Haifei Li discovered the exploit after a malicious PDF was uploaded to online malware scanners in late November 2025.
– Exploiting this vulnerability could give an attacker full control of a victim’s system and the ability to steal data.

Adobe has released a critical security update for its widely used PDF software, addressing a flaw that attackers have leveraged for months to compromise systems. The company confirmed that its Acrobat DC, Reader DC, and Acrobat 2024 applications for Windows and macOS contain a vulnerability, now patched, that was actively exploited in the wild. A flaw exploited before a patch is available is known as a zero-day vulnerability, and this case highlights the persistent threat to ubiquitous software like Adobe’s document readers.

The specific security flaw, cataloged as CVE-2026-34621, allows remote code execution. Attackers could craft a malicious PDF file that, once opened by a victim, would enable the installation of malware. The exploit provided a pathway for threat actors to gain extensive control over the infected device, potentially leading to data theft and full system compromise. Adobe’s advisory notes the company was aware of these in-the-wild attacks prior to releasing the fix.

The discovery of this ongoing campaign is credited to security researcher Haifei Li of EXPMON. Li’s system detected the exploit after a malicious PDF sample was submitted to his scanner. His investigation traced the earliest known sample to the online malware repository VirusTotal, where it appeared in late November 2025. While the full scope and specific targets of the attacks remain unclear, Li’s analysis determined that successful exploitation could result in complete system control.

The identity and motives of the hackers behind this campaign are not publicly known. However, the consistent targeting of Adobe’s software reflects a broader trend. The software’s global install base makes it a prime target for cybercriminals and state-sponsored groups seeking to infiltrate networks and steal sensitive information. The months-long exploitation window underscores the challenges of defending against such threats before a patch is available.

Users are strongly advised to ensure their Adobe applications are updated immediately. Affected software includes all versions of Acrobat DC, Reader DC, and Acrobat 2024. Applying the latest security patches is the most effective defense against this now-public exploit, closing the door on a significant attack vector that has been open since late last year.

(Source: TechCrunch)
