Adobe Addresses Critical PDF Vulnerability Exploited by Hackers
Adobe has recently released a security update to rectify a significant vulnerability in its widely used document-reading applications, including Acrobat DC, Reader DC, and Acrobat 2024. This flaw, identified as CVE-2026-34621, had been actively exploited by cybercriminals for at least four months prior to the patch’s release.
The vulnerability allowed attackers to remotely install malware on a user’s device by persuading them to open a maliciously crafted PDF file. This exploit affected both Windows and macOS platforms, targeting specific versions of Adobe Reader software. The exact number of individuals impacted by this security breach remains undetermined. Adobe acknowledged the active exploitation of this zero-day vulnerability, indicating that hackers had been leveraging the flaw to infiltrate systems before a fix was available.
The widespread use of Adobe’s PDF-reading software makes it a frequent target for cybercriminals and state-sponsored hackers. Historically, vulnerabilities in such ubiquitous software have been exploited to gain unauthorized access to sensitive data.
The discovery of this particular vulnerability was credited to security researcher Haifei Li, who operates the exploit-detection system EXPMON. Li identified the flaw after a malicious PDF containing the exploit was uploaded to his malware scanner. In a detailed blog post, Li noted that a similar malware-laden PDF had appeared on VirusTotal, another online malware scanning service, as early as late November 2025.
While the specific targets and objectives of the hacking campaign remain unclear, Li’s analysis suggests that opening a malicious PDF could grant attackers full control over the victim’s system, enabling them to steal a broad spectrum of data.
In response to this threat, Adobe has urged all users of Acrobat DC, Reader DC, and Acrobat 2024 to update their software to the latest versions promptly. Regular software updates are crucial in mitigating potential security risks and protecting sensitive information from unauthorized access.
