Adobe Acrobat zero‑day exploited
Adobe warned that a zero‑day vulnerability in Acrobat and Reader (CVE‑2026‑34621) is being actively exploited and urged users to update immediately. The advisory covers both Windows and macOS builds and frames the issue as an active attack rather than a theoretical flaw. (cyberkendra.com)
Adobe has told Acrobat and Reader users to patch immediately after confirming CVE-2026-34621 is being used in real-world attacks on Windows and macOS. (adobe.com) (cvefeed.io)

The flaw is a “prototype pollution” bug, a way to tamper with how a program handles objects in memory, and it can end in arbitrary code execution under the current user’s account. Adobe’s affected versions include Continuous track 26.001.21367 and earlier and Classic 2024 track 24.001.30356 and earlier. (cvefeed.io)

In plain terms, the attack starts with a booby-trapped Portable Document Format file. The victim has to open the file, and researchers said the malicious document can run obfuscated JavaScript inside Reader to reach privileged Acrobat application programming interfaces. (sophos.com) (cvefeed.io)

This moved from researcher warning to vendor confirmation in the same week. Sophos said on April 9, 2026 that exploitation had been seen since at least December 2025, and Adobe published the CVE on April 11, 2026. (sophos.com) (cvefeed.io)

Portable Document Format readers stay a common attack path because email lures and invoice-themed attachments still get opened inside businesses. Sophos said the samples tied to this campaign used Russian-language lures linked to the oil and gas sector, pointing to targeted attacks rather than broad spam. (sophos.com)

Adobe’s release notes show 26.001.21367 was the planned Continuous update on April 2, 2026, which means organizations that patched on the normal schedule could still have been exposed until this emergency bulletin landed. Adobe says users who do not yet see the latest build can force an update through Help and then Check for updates. (adobe.com)

Security researchers have described the exploit as working on the latest Reader builds before the fix, with no extra action beyond opening the PDF. Forbes reported Adobe told users to install the update within 72 hours. (forbes.com) (sophos.com)

Sophos also published indicators tied to the campaign, including malicious file hashes, a command-and-control domain, and two internet protocol addresses with ports. That gives defenders something concrete to hunt for while they push patches across fleets. (sophos.com)

The immediate fix is simple even if the bug is not: update Acrobat or Reader now, then treat unexpected PDF attachments as suspicious until every endpoint is on a patched build. (adobe.com) (cvefeed.io)
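
For fleets, the affected-version ceilings quoted above can be turned into a quick inventory triage. The script below is an added example, not code from Adobe, Sophos or the original article; the CSV layout, the track labels ("continuous", "classic2024") and the sample hosts are assumptions, and only the two ceiling builds come from the article.

```python
import csv
import io

# Highest affected build per track, as quoted in the article.
# The track labels are an assumed naming for this example's inventory format.
AFFECTED_CEILING = {
    "continuous": (26, 1, 21367),
    "classic2024": (24, 1, 30356),
}

def parse_build(text):
    """Turn 'YY.NNN.NNNNN' into a tuple of ints; return None if malformed."""
    parts = (text or "").strip().split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(inventory_csv):
    """Map each host to 'affected', 'above-affected-range' or 'review'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ceiling = AFFECTED_CEILING.get((row.get("track") or "").strip().lower())
        build = parse_build(row.get("version"))
        if ceiling is None or build is None:
            # Unknown track or unparsable version: send to a human, never assume safe.
            results[row["host"]] = "review"
        elif build <= ceiling:
            results[row["host"]] = "affected"
        else:
            results[row["host"]] = "above-affected-range"
    return results

# Constructed sample inventory: hostnames and all builds other than the two
# ceilings are made up for illustration and are not real Adobe releases.
SAMPLE = """host,track,version
ws-001,continuous,26.001.21367
ws-002,continuous,25.001.11111
ws-003,classic2024,24.001.30356
ws-004,continuous,26.001.99999
ws-005,classic2024,24.001.99999
ws-006,classic2020,20.005.11111
ws-007,continuous,unknown
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```

A build above the ceiling only means it falls outside the range the article lists as affected; confirm the fixed build number against Adobe's bulletin before marking a host as patched.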