\n<\/p>\n
Adobe has patched a vulnerability in its flagship document-reading apps, Acrobat DC, Reader DC and Acrobat 2024, that hackers have been actively exploiting for at least four months.<\/p>\n
The vulnerability, officially tracked as CVE-2026-34621, allows hackers to remotely plant malware on a person\u2019s device by tricking them into opening a maliciously crafted PDF file on their Windows device or macOS computer. The exploit targets a vulnerability in some versions of the Adobe Reader software.<\/p>\n
It is not yet known how many people have been affected by this hacking campaign. In a note on its website, Adobe said it was aware that the bug is being exploited in the wild, known as a zero-day, indicating that hackers have been using it to break into people\u2019s computers before Adobe could fix it.\u00a0<\/p>\n
While it\u2019s not clear who is behind the hacking campaign, the ubiquity of Adobe\u2019s PDF-reading software makes it a consistent target for cyber criminals and government-backed hackers, who have long abused weaknesses in the software to steal data from people\u2019s computers.<\/p>\n
Security researcher Haifei Li, who runs the exploit-detection system EXPMON, discovered the vulnerability after someone uploaded a copy of a malicious PDF containing the exploit to his malware scanner. In a blog post, Li wrote that another copy of the malware-ridden PDF first appeared on VirusTotal, another online malware scanner, in late November 2025.<\/p>\n
It\u2019s not clear who the hacking campaign was targeting or for what reason, and Li said it was not possible to obtain any additional exploits from the hacker\u2019s servers. But according to Li\u2019s analysis, opening a malicious PDF and triggering the exploit \u201ccould lead to full control of the victim\u2019s system\u201d and give the hacker the ability to steal a wide range of data.<\/p>\n
Adobe said Acrobat DC, Reader DC, and Acrobat 2024 are affected, and urged users to update their software to the latest versions.<\/p>\n<\/div>\n