Adobe has patched a vulnerability in its Acrobat DC, Reader DC, and Acrobat 2024 applications that hackers exploited for at least four months.
The vulnerability, tracked as CVE-2026-34621, enables hackers to remotely install malware on devices by deceiving users into opening a maliciously crafted PDF file. The exploit affects specific versions of Adobe Reader software.
The scope of the affected users remains unknown. Adobe stated it is aware of ongoing exploitation of the bug, designating it as a zero-day vulnerability. This classification indicates that attackers have been utilizing the flaw to compromise systems prior to Adobe’s fix.
The identity of the hacking campaign’s perpetrators is unclear, although the prevalence of Adobe’s PDF software makes it a frequent target for both cybercriminals and state-sponsored actors aiming to pilfer data.
Security researcher Haifei Li, who leads the exploit-detection system EXPMON, identified the vulnerability after a malicious PDF was uploaded to his malware scanner. Li noted in a blog post that a version of the malware-laden PDF first surfaced on VirusTotal in late November 2025.
The specific targets or objectives of the hacking campaign remain unidentified, and Li mentioned that obtaining additional exploits from the hacker’s servers was not feasible. His analysis indicated that opening the malicious PDF could grant the hacker “full control of the victim’s system” and facilitate extensive data theft.
Adobe confirmed that users of Acrobat DC, Reader DC, and Acrobat 2024 should update their software to the latest versions to address the issue.
