Adobe has recently addressed a significant vulnerability in its popular document viewing applications, including Acrobat DC, Reader DC, and Acrobat 2024. This flaw, designated as CVE-2026-34621, has reportedly been exploited by hackers for the past four months, allowing them to remotely install malware on users’ devices through cleverly disguised PDF files when opened on Windows or macOS platforms.
The issue arises from a weakness present in certain versions of Adobe Reader, which has made the software a prime target for cybercriminals and state-sponsored hacking groups. While the exact impact of this security breach remains undetermined, Adobe acknowledged that it was aware of the ongoing exploitation of this bug, which classifies it as a zero-day vulnerability. This term indicates that attackers were able to compromise users’ systems before Adobe developed a fix.
The discovery of this vulnerability was made by security researcher Haifei Li, who heads the exploit detection platform EXPMON. He identified the threat after a malicious PDF file was uploaded to his malware scanner. Notably, another instance of the harmful PDF surfaced on VirusTotal, an online malware repository, in late November 2025.
Details surrounding the specific targets of this hacking campaign or the motivations behind it are still unclear. Li mentioned that no additional exploits could be retrieved from the hackers’ servers. However, his research indicates that simply opening the compromised PDF could allow hackers to gain complete control of the user’s system, potentially enabling them to harvest extensive personal data.
Given the widespread usage of Adobe’s PDF reader software, the company has consistently faced scrutiny from cybercriminals seeking to exploit its vulnerabilities. In light of this latest incident, Adobe is urging users to update their applications to the latest versions to safeguard against potential attacks stemming from this significant security flaw.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
