Adobe Patches Critical Vulnerability Exploited for Several Months
Adobe Issues Emergency Patches for Acrobat and Reader Zero-Day Exploit
Adobe has released urgent patches for its Acrobat and Reader software to address a critical vulnerability that has been exploited as a zero-day.
"The vulnerability, identified as CVE-2026-34621, carries a severity rating of 9.6 on the Common Vulnerability Scoring System (CVSS)", according to Adobe.
Vulnerability Details
- The flaw allows for the execution of arbitrary code due to improper control over prototype attributes.
- The vulnerability was discovered by Haifei Li, a respected security researcher who has previously worked for notable firms such as Fortinet and McAfee.
- Li initially reported the bug through his research platform, Expmon, where he observed a sophisticated PDF exploit designed to harvest sensitive information.
Exploitation History
- Exploitation of CVE-2026-34621 began as early as November 2025.
- An analysis of an exploit sample uploaded to VirusTotal suggests that an Advanced Persistent Threat (APT) group may be involved.
Mitigation
- Users are advised to update their software immediately to the patched versions:
  - Acrobat DC: 26.001.21411
  - Acrobat 2024: 24.001.30362 and 24.001.30360
Researchers have shared indicators of compromise (IoCs) to aid in detection and prevention efforts against CVE-2026-34621.
