2 days ago
3
Image Credits:Avishek Das / SOPA Images / LightRocket / Getty Images7:35 AM PDT · April 14, 2026
Adobe has patched a vulnerability successful its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers person been actively exploiting for astatine slightest 4 months.
The vulnerability, officially tracked arsenic CVE-2026-34621, allows hackers to remotely works malware connected a person’s instrumentality by tricking them into opening a maliciously crafted PDF record connected their Windows instrumentality oregon macOS computer. The exploit targets a vulnerability successful immoderate versions of the Adobe Reader software.
It is not yet known however galore radical person been affected by this hacking campaign. In a enactment connected its website, Adobe said it was alert that the bug is being exploited successful the wild, known arsenic a zero-day, indicating that hackers person been utilizing it to interruption into people’s computers earlier Adobe could hole it.
While it’s not wide who is down the hacking campaign, the ubiquity of Adobe’s PDF-reading bundle makes it a consistent target for cyber criminals and government-backed hackers, who person agelong abused weaknesses successful the bundle to bargain information from people’s computers.
Security researcher Haifei Li, who runs the exploit-detection strategy EXPMON, discovered the vulnerability aft idiosyncratic uploaded a copy of a malicious PDF containing the exploit to his malware scanner. In a blog post, Li wrote that different transcript of the malware-ridden PDF archetypal appeared connected VirusTotal, different online malware scanner, successful precocious November 2025.
It’s not wide who the hacking run was targeting oregon for what reason, and Li said it was not imaginable to get immoderate further exploits from the hacker’s servers. But according to Li’s analysis, opening a malicious PDF and triggering the exploit “could pb to afloat power of the victim’s system” and springiness the hacker the quality to bargain a wide scope of data.
Adobe said Acrobat DC, Reader DC, and Acrobat 2024 are affected, and urged users to update their bundle to the latest versions.
Zack Whittaker is the information exertion astatine TechCrunch. He besides authors the play cybersecurity newsletter, this week successful security.
He tin beryllium reached via encrypted connection astatine zackwhittaker.1337 connected Signal. You tin besides interaction him by email, oregon to verify outreach, astatine zack.whittaker@techcrunch.com.
English (US) ·