Adobe has released a patch for a critical vulnerability in its document software that had been actively exploited for at least four months, allowing attackers to compromise devices through malicious PDF files. The flaw affects widely used products including Acrobat DC, Reader DC, and Acrobat 2024.
Zero-Day Exploit And Attack Method
The vulnerability, tracked as CVE-2026-34621, enables attackers to remotely install malware when a user opens a specially crafted PDF file on Windows or macOS systems. Adobe confirmed the issue was being exploited in the wild as a zero-day, meaning attackers were using it before a fix was available.
The exploit targets specific versions of Adobe’s Reader software, though the full scope of affected users remains unknown.
Discovery And Timeline
Security researcher Haifei Li, who operates the EXPMON exploit detection system, identified the vulnerability after analyzing a malicious PDF uploaded to his platform. He noted that a similar file had appeared earlier on VirusTotal in November 2025.
Li said triggering the exploit could grant attackers full control over a victim’s system, enabling access to sensitive data and broader system compromise.
Threat Context And Unknown Actors
The origin of the attacks and their intended targets remain unclear. Adobe’s software has historically been a frequent target due to its widespread use, making it attractive to both cybercriminal groups and state-backed actors seeking access to user data.
Li reported that further investigation into the attacker’s infrastructure did not yield additional exploit samples.
Patch And Mitigation
Adobe has issued updates for all affected products and is urging users to install the latest versions to protect against exploitation. The company’s advisory confirms that the vulnerability has now been addressed.
Featured image credits: Flickr
For more stories like it, click the +Follow button at the top of this page to follow us.