Adobe fixes zero-day vulnerability, urges users to install update immediately


Adobe has released a patch for a vulnerability in Acrobat DC, Reader DC, and Acrobat 2024 that hackers have been exploiting for months.

The vulnerability, tracked as CVE-2026-34621, allows hackers to remotely install malware on a device by tricking the user into opening a malicious PDF file on their Windows or macOS computer.

“Successful exploitation could lead to arbitrary code execution,” Adobe says in a recently posted security bulletin.

The zero-day vulnerability was initially rated critical and received a Common Vulnerability Scoring System (CVSS) score of 9.6. However, Adobe has lowered the severity of the bug to 8.6 after changing the attack vector from network to local.

As far as we know, the vulnerability has been exploited since December 2025.

Because the vulnerability can have far-reaching consequences, Adobe recommends that users update their software immediately. To do so, they have to open their applications and navigate to Help > Check for Updates. The app will then update automatically, without requiring user intervention.

The security flaw was documented by security researcher Haifei Li, who runs the exploit-detection system EXPMON, after someone uploaded a copy of a malicious PDF file containing the exploit.

In a lengthy and detailed blog post, Li described what information the file collected from a local system, including language settings, the Adobe Reader version number, the exact OS version, and the local path of the PDF file. This data is then sent to a remote server.

“Even more concerning, this exploit allows the threat actor to not only collect/steal local information, but also potentially launch subsequent RCE/SBX attacks [remote code execution/sandbox escape, ed.], which could lead to full control of the victim's system,” Li warns.

In turn, this can lead to data theft, loss of control over the computer, and the further spread of malware within an organization.

As of writing, it’s not clear who is responsible for exploiting the vulnerability or how many users may have been affected.