Adobe patches critical PDF zero-day flaw exploited by hackers for months

Adobe has released a patch addressing a serious security flaw in its widely used document-reading applications — Acrobat DC, Reader DC, and Acrobat 2024 — after discovering that attackers had been exploiting the vulnerability for at least four months.

The flaw, identified as CVE-2026-34621, enables attackers to remotely install malicious software on a user’s system by convincing them to open a specially crafted PDF file. The exploit specifically targets certain versions of Adobe Reader on both Windows and macOS platforms.

At this stage, the total number of affected users remains unclear. However, Adobe confirmed in a statement on its website that the vulnerability had been actively exploited in real-world attacks, classifying it as a zero-day. This designation means that malicious actors were already exploiting the flaw before a fix became available.

Although the individuals or groups behind the campaign have not been identified, Adobe’s software has long been a frequent target due to its widespread use. Cybercriminals and state-backed hacking groups have historically exploited weaknesses in PDF-reading tools to access sensitive data.

The vulnerability was uncovered by security researcher Haifei Li, who operates the exploit-detection platform EXPMON. He identified the issue after a malicious PDF file containing the exploit was uploaded to his scanning system. In a detailed blog post, Li noted that another version of the infected file had previously been submitted to VirusTotal in late November 2025.

Details about the intended targets or purpose of the attacks remain unknown. Li also stated that further samples could not be retrieved from the attacker’s infrastructure. Based on his findings, however, opening a compromised PDF could allow attackers to gain complete control over the affected device, potentially enabling them to access and extract a wide range of sensitive information.

Adobe has confirmed that Acrobat DC, Reader DC, and Acrobat 2024 are affected by the vulnerability and has strongly advised users to update their applications to the latest available versions immediately to protect their systems.