Adobe has addressed a serious security flaw in its widely used document applications, Acrobat DC, Reader DC, and Acrobat 2024, which has been actively exploited by hackers for at least four months. This vulnerability, identified as CVE-2026-34621, permits cybercriminals to remotely install malware on a user’s device simply by deceiving them into opening a specially crafted PDF file on either Windows or macOS systems.
The specifics of the flaw affect certain iterations of Adobe Reader, allowing malicious actors to gain access through a common yet powerful delivery method. Although it remains unclear how many individuals have fallen victim to this hacking effort, Adobe has acknowledged the issue, labelling it a zero-day exploit, pointing to its continued use in real-world attacks prior to the vendor’s intervention.
The identity of those behind this cyber onslaught is still undetermined, but given the prevalence of Adobe’s PDF software, it continually attracts the attention of hackers and even state-sponsored attackers, who frequently exploit weaknesses within the application to extract sensitive information.
Security expert Haifei Li, operating the monitoring platform EXPMON, stumbled upon the vulnerability when a malicious PDF file containing the exploit was uploaded to his scanner. His findings reveal that similar malicious files first appeared on VirusTotal, another malware detection service, back in late November 2025.
Details on the specific targets of the hacking operations are scant. Li noted an inability to trace additional exploits from the hackers’ infrastructure. However, he warned that opening a tainted PDF could potentially grant assailants full control over the victim’s device, exposing a vast array of confidential data.
In response to this alarming security breach, Adobe has urged all users of Acrobat DC, Reader DC, and Acrobat 2024 to immediately update to the most recent software versions to safeguard against these vulnerabilities. As cyber threats evolve, it remains crucial for users to maintain up-to-date software to mitigate risks and protect their digital assets.
Fanpage: TechArena.au
Watch more about AI – Artificial Intelligence
