Search

Adobe Patches Reader Zero-Day Exploited for Months

Cyber threats and incidents
By John Kevin Hao

Related

Cyber threats and incidents

Huawei Zero-Day Attack Behind Luxembourg’s 2025 Nationwide Telecoms Outage

What happened A previously undisclosed zero-day vulnerability in Huawei enterprise...
Read more
Cyber threats and incidents

Exploitation of Critical NGINX Vulnerability Begins Days After Patch ReleaseExploitation of Critical NGINX Vulnerability Begins Days After Patch Release

What happened Active exploitation of a critical NGINX vulnerability tracked...
Read more
Cyber threats and incidents

New GhostLock Tool Abuses Windows API to Block File Access

What happened A security researcher has published a proof-of-concept tool...
Read more
Cyber threats and incidents

Ivanti Warns of New EPMM Flaw Exploited in Zero-Day Attacks

What happened Ivanti has disclosed a high-severity remote code execution...
Read more
Cyber threats and incidents

Mirai-Based xlabs_v1 Botnet Exploits Android Debug Bridge to Hijack IoT Devices

What happened Hunt.io researchers have identified a new Mirai-derived botnet...
Read more

Share

What happened

Adobe released emergency patches for a critical Acrobat and Reader zero-day that had been exploited in the wild for several months. The vulnerability, tracked as CVE-2026-34621, has a CVSS score of 9.6 and stems from improperly controlled modifications to prototype attributes. Adobe said the flaw can be exploited for arbitrary code execution. Affected products include Acrobat and Reader for Windows and macOS. The fixes are included in Acrobat DC and Acrobat Reader DC version 26.001.21411, as well as Acrobat 2024 versions 24.001.30362 and 24.001.30360. Adobe also confirmed active exploitation and credited Haifei Li with reporting the issue after he identified a sophisticated malicious PDF uploaded to his sandbox system. Researchers determined from an exploit sample that the attacks may have started as early as November 2025. 

Who is affected

The direct exposure affects organizations and users running vulnerable versions of Adobe Acrobat and Reader on Windows and macOS. The flaw can allow arbitrary code execution through malicious PDF files, creating immediate risk for endpoints where those applications are installed and unpatched. 

Why CISOs should care

This matters because the vulnerability was exploited for months before Adobe released a patch, giving attackers a long window to target users with malicious PDFs. It is also a high-severity code execution flaw in widely deployed document software, which makes patch timing and endpoint coverage especially important. 

3 practical actions

  1. Patch affected systems immediately: Deploy Adobe’s emergency updates for Acrobat and Reader across Windows and macOS environments without delay. 
  2. Hunt for malicious PDF activity: Review email, web, and endpoint telemetry for suspicious PDF files and related execution activity dating back to late 2025, since researchers believe exploitation began as early as November. 
  3. Use the published detection material: Incorporate the available technical details and indicators of compromise into threat hunting and detection workflows to identify possible exploitation of CVE-2026-34621. 

For more news about security flaws under active exploitation, click Vulnerability to read more.

IMG 0514 2
+ posts

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

Previous article
Rockstar Confirms Limited Company Information Was Accessed in Third-Party Data Breach
Next article
C2K Cyber Attack Disrupts Northern Ireland Exam Preparation

Subscribe to our stories

To be updated with all the latest news, offers and special announcements.