Adobe fixes PDF zero-day security bug that hackers have exploited for months

Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months.

The vulnerability, officially tracked as CVE-2026-34621, allows hackers to remotely plant malware on a person’s device by tricking them into opening a maliciously crafted PDF file on their Windows or macOS computer. The exploit targets a vulnerability in some versions of the Adobe Reader software.

It is not yet known how many people have been affected by this hacking campaign. In a note on its website, Adobe said it was aware that the bug is being exploited in the wild. A bug exploited this way is known as a zero-day, indicating that hackers have been using it to break into people’s computers before Adobe could fix it.

While it’s not clear who is behind the hacking campaign, the ubiquity of Adobe’s PDF-reading software makes it a consistent target for cyber criminals and government-backed hackers, who have long abused weaknesses in the software to steal data from people’s computers.

Security researcher Haifei Li, who runs the exploit-detection system EXPMON, discovered the vulnerability after someone uploaded a copy of a malicious PDF containing the exploit to his malware scanner. In a blog post, Li wrote that another copy of the malware-ridden PDF first appeared on VirusTotal, another online malware scanner, in late November 2025.

It’s not clear who the hacking campaign was targeting or for what reason, and Li said it was not possible to obtain any additional exploits from the hacker’s servers. But according to Li’s analysis, opening a malicious PDF and triggering the exploit “could lead to full control of the victim’s system” and give the hacker the ability to steal a wide range of data.

Adobe said Acrobat DC, Reader DC, and Acrobat 2024 are affected, and urged users to update their software to the latest versions.

Zack Whittaker is the security editor at TechCrunch. He also authors the weekly cybersecurity newsletter, this week in security.

He can be reached via encrypted message at zackwhittaker.1337 on Signal. You can also contact him by email, or to verify outreach, at zack.whittaker@techcrunch.com.
