Adobe Fixes Pdf Zero-day Security Bug That Hackers Have Exploited For Months

Adobe has patched a vulnerability successful its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers person been actively exploiting for astatine slightest 4 months.

The vulnerability, officially tracked arsenic CVE-2026-34621, allows hackers to remotely works malware connected a person’s instrumentality by tricking them into opening a maliciously crafted PDF record connected their Windows instrumentality aliases macOS computer. The utilization targets a vulnerability successful immoderate versions of nan Adobe Reader software.

It is not yet known really galore group person been affected by this hacking campaign. In a statement connected its website, Adobe said it was alert that nan bug is being exploited successful nan wild, known arsenic a zero-day, indicating that hackers person been utilizing it to break into people’s computers earlier Adobe could hole it. 

While it’s not clear who is down nan hacking campaign, nan ubiquity of Adobe’s PDF-reading package makes it a consistent target for cyber criminals and government-backed hackers, who person agelong abused weaknesses successful nan package to bargain information from people’s computers.

Security interrogator Haifei Li, who runs nan exploit-detection strategy EXPMON, discovered nan vulnerability aft personification uploaded a copy of a malicious PDF containing nan utilization to his malware scanner. In a blog post, Li wrote that different transcript of nan malware-ridden PDF first appeared connected VirusTotal, different online malware scanner, successful precocious November 2025.

It’s not clear who nan hacking run was targeting aliases for what reason, and Li said it was not imaginable to get immoderate further exploits from nan hacker’s servers. But according to Li’s analysis, opening a malicious PDF and triggering nan utilization “could lead to afloat power of nan victim’s system” and springiness nan hacker nan expertise to bargain a wide scope of data.

Adobe said Acrobat DC, Reader DC, and Acrobat 2024 are affected, and urged users to update their package to nan latest versions.