Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update

Update April 11: Adobe has now confirmed that CVE-2026-34621, a critical vulnerability affecting users of Adobe Acrobat and Reader on both Windows and macOS platforms, is already being exploited by attackers. The exploit can lead to arbitrary code execution and requires no user interaction beyond opening a malicious PDF document. Adobe has advised that the security update should be installed within 72 hours.

The use of Adobe PDF documents in cybersecurity threats is far from uncommon; they represent a primary “malicious document” attack surface for those using social engineering tactics, for example. When it comes to zero-day exploits targeting the Adobe Reader used to view such files, however, that’s a different matter. So, when a security researcher reveals a “highly sophisticated, fingerprinting-style PDF exploit" being used against such a zero-day vulnerability, you need to take it seriously. Perhaps even more so when those attacks have been ongoing since December 2025.

Sophisticated Adobe PDF Zero-Day Exploit—Attacks Against Adobe Reader Ongoing

A security researcher has confirmed that threat actors have been exploiting a zero-day vulnerability that exists within Adobe Reader, used to view Adobe PDF files, since at least December 2025. The critical vulnerability has now been comfirmed as CVE-2026-34621 by Adobe.

Haifei Li, best known for developing a sandbox-based exploit-detection platform called EXPMON, has warned that attackers are exploiting a “zero-day/unpatched vulnerability in Adobe Reader that allows it to execute privileged Acrobat Application Programming Interfaces, and it is confirmed to work on the latest version of Adobe Reader.”

The use of maliciously crafted Adobe PDF documents is, as mentioned previously, not exactly shocking nor new. Just ask Dropbox, Microsoft or PayPal users, and they will unhappily confirm that. This zero-day attack, however, isn’t reliant on a victim clicking a dodgy link in the PDF attachment, though. It’s much worse than that. The exploit “works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file,” Li warned.

Another security researcher, posting on X as Gi7w0rm, said that it “seems to exploit part of Adobe Reader’s JavaScript engine,” and that the documents that have been seen to be used in attacks so far “contain Russian language lures and refer to issues regarding current events related to the oil and gas industry in Russia.”

I reached out to Adobe for a statement and advice for users, and a spokesperson confirmed that a security bulletin has now been added to address the vulnerability and that an update is now available for Adobe Acrobat and Reader for Windows and macOS.

The following products have updates available, and all have been given a priority one status by Adobe:

• Acrobat DC
• Acrobat Reader DC
• Acrobat 2024

Users can update their software manually by choosing the Help|Check for Updates menu option. Adobe said that the software will “update automatically, without requiring user intervention, when updates are detected. “

As far as administrators in managed environments are concerned, Adobe recommended installing the updates “via your preferred methodology, such as AIP-GPO, bootstrapper, SCUP/SCCM for Windows, or on macOS, Apple Remote Desktop and SSH." Sorry to spoil your weekend folks.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Sunday 12 April 2026 at 4:01 pm AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of March) 1,297

RIP Matrix