Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December.

The flaw allows malicious PDF files to bypass sandbox restrictions and invoke privileged JavaScript APIs, potentially leading to arbitrary code execution. The exploit observed in attacks allows reading and stealing arbitrary files. No user interaction is required beyond opening the malicious PDF.

Specifically, the exploit abuses APIs like util.readFileIntoStream() to read arbitrary local files and RSS.addFeed() to exfiltrate data and fetch additional attacker-controlled code.
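A coarse triage check built on the two API names above, as an added example that is not from the article, Adobe or EXPMON: it inflates the FlateDecode streams in a PDF and reports which of the names appear. It assumes the script sits unobfuscated in a plain or Flate stream (other filters, object streams and encoded names are not handled), so an empty result does not clear a file; `scan_pdf` and `build_sample` are names made up for this example.

```python
import re
import sys
import zlib

# Privileged Acrobat JavaScript APIs the article names as abused by the exploit.
SUSPECT_APIS = (b"util.readFileIntoStream", b"RSS.addFeed")
# Raw bytes between the PDF "stream" and "endstream" keywords.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data):
    """Inflate a FlateDecode stream body; return None if it is not zlib data."""
    try:
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def scan_pdf(pdf_bytes):
    """Return the sorted suspect API names found in raw or inflated content."""
    bodies = [pdf_bytes]
    for match in STREAM_RE.finditer(pdf_bytes):
        inflated = inflate(match.group(1))
        if inflated is not None:
            bodies.append(inflated)
    return sorted({api.decode() for api in SUSPECT_APIS
                   for body in bodies if api in body})


def build_sample(js):
    """Constructed one-object PDF fragment holding `js` in a Flate stream."""
    comp = zlib.compress(js)
    return (b"%PDF-1.7\n1 0 obj\n<< /Length " + str(len(comp)).encode()
            + b" /Filter /FlateDecode >>\nstream\n" + comp
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    if len(sys.argv) > 1:            # triage a file given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(scan_pdf(fh.read()))
    else:                            # constructed samples, not real exploit code
        marker = b"/* constructed marker */ util.readFileIntoStream; RSS.addFeed;"
        print(scan_pdf(build_sample(marker)))
        print(scan_pdf(build_sample(b"app.alert('hello');")))
```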


The security issue was discovered by Haifei Li, founder of the EXPMON exploit detection system, after someone submitted for analysis a PDF sample named “yummy_adobe_exploit_uwu.pdf.”

Haifei Li says that someone submitted the sample to EXPMON on March 26, but it had been sent to VirusTotal three days before, where only 5 out of 64 security vendors flagged it as malicious at the time.


The researcher decided to manually investigate the issue after the exploit detection system activated its “detection in depth” feature, an advanced detection capability Haifei Li specifically developed for Adobe Reader, he says in a blog post last week.

Security researcher Gi7w0rm observed attacks in the wild that leveraged Russian-language documents with oil and gas industry lures.

Following the receipt of Li’s report, Adobe published a security bulletin over the weekend, assigning the vulnerability the identifier CVE-2026-34621.

Although the flaw was initially rated critical (9.6) with a network attack vector, Adobe subsequently lowered the severity to 8.6 after changing the vector to local.

The vendor listed the following Windows and macOS products as impacted:

  • Acrobat DC versions 26.001.21367 and earlier (fixed in version 26.001.21411)
  • Acrobat Reader DC versions 26.001.21367 and earlier (fixed in version 26.001.21411)
  • Acrobat 2024 versions 24.001.30356 and earlier (fixed in version 24.001.30362 on Windows, and version 24.001.30360 on Mac)

Adobe recommends that users of the above software update their applications via ‘Help > Check for Updates,’ which triggers an automatic update.


Alternatively, users may download an Acrobat Reader installer from Adobe’s official software portal.

No workarounds or mitigations were listed in the bulletin, so applying the security updates is the only recommended action.

However, users should always be wary of PDF files sent from unsolicited sources and open them in sandboxed environments when suspicious.
