The Vulnerability
Adobe has patched a vulnerability in Acrobat DC, Reader DC, and Acrobat 2024 (CVE-2026-34621) that hackers have been exploiting for at least four months. The flaw allows attackers to remotely plant malware by tricking users into opening a maliciously crafted PDF on Windows or macOS.
Active Exploitation in the Wild
Adobe confirmed that the bug is being exploited in the wild, describing it as a “zero-day,” meaning criminals were using it before the company could fix it. The vulnerability affects certain versions of Adobe Reader software. Adobe stated it does not yet know how many people have been affected and urged users to update to the latest versions of the affected applications.
Discovery and Analysis
Security researcher Haifei Li, who runs the exploit-detection system EXPMON, discovered the issue after a malicious PDF containing the exploit was uploaded to his malware scanner. According to Li’s analysis, another copy of the malware-laden PDF first appeared on VirusTotal in late November 2025. It is not clear who is behind the campaign or who it targeted.
Potential Impact
Li’s analysis indicates that opening a malicious PDF and triggering the exploit could lead to full control of the victim’s system and enable the attacker to steal a wide range of data. The ubiquity of Adobe’s PDF-reading software makes it a consistent target for cyber criminals and government-backed hackers.
Source: TechCrunch