Adobe has patched a vulnerability in its Acrobat DC, Reader DC, and Acrobat 2024 products that has been exploited by hackers for at least four months. The vulnerability, tracked as CVE-2026-34621, allows remote malware installation by deceiving users into opening malicious PDF files on Windows or macOS devices.
The scope of the hacking campaign is currently unknown. Adobe acknowledged that this is a zero-day vulnerability, which means it has been targeted by attackers before a fix was implemented. The company advises users to update to the latest versions of the affected applications.
Security researcher Haifei Li discovered the flaw after a malicious PDF containing the exploit was uploaded to his malware scanner. Li noted that a copy of this PDF surfaced on VirusTotal in late November 2025, indicating the exploit’s active circulation in the wild.
The exact identity of the attackers remains unclear, and it is uncertain what specific targets were affected. Li’s analysis suggests that opening the malicious PDF could grant hackers full control over the victim’s system, enabling data theft. “Opening the malicious PDF could lead to full control of the victim’s system,” Li stated.
Adobe’s widespread software applications make them a recurring target for cybercriminals. The company has urged users to remain vigilant and maintain updated software to mitigate the risk of exploitation.
