Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months
Briefly

"The exploit carries such gravitas that Adobe had to release an emergency patch for all affected products and urged users to update them immediately, as no workaround is available."
"Hackers were able not only to bypass the guard and send malicious PDF attachments but also to invoke privileged JavaScript APIs, allowing them to execute arbitrary code."
"According to BleepingComputer, the hackers abuse JavaScript APIs like util.readFileIntoStream() to access local files within their victim's device, and RSS.addFeed() to send the accessed data out to a remote server."
"The zero-day exploit was observed and analyzed in March when someone submitted a PDF sample on EXPMON, which triggered one of EXPMON's advanced 'detection in depth' features."
A critical vulnerability in Adobe products, tracked as CVE-2026-34621, has been actively exploited since December 2025. The flaw, discovered by Haifei Li, has a CVSS score of 8.6. Adobe issued an emergency patch for all affected products, urging users to update immediately as no workaround exists. Hackers bypassed Adobe's security measures, allowing them to execute arbitrary code through malicious PDFs. They exploited JavaScript APIs to access local files and send data to remote servers, highlighting significant security risks in Adobe's PDF handling.
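As an added example (not from the article, Adobe, or EXPMON), here is a triage scan that flags PDFs whose raw bytes or Flate-compressed streams mention the two API names quoted above. The sample PDFs are constructed, inert byte strings, and all function names are hypothetical.

```python
import re
import zlib

# API names the article reports being abused (from the quoted BleepingComputer detail).
SUSPECT_APIS = (b"util.readFileIntoStream", b"RSS.addFeed")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data: bytes) -> bytes:
    """Best-effort FlateDecode; returns b'' if the stream is not zlib data."""
    try:
        # decompressobj tolerates a stream whose trailing bytes were trimmed.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return b""


def scan_pdf(pdf: bytes) -> dict:
    """Report which suspect API names appear in raw bytes or inflated streams."""
    views = [pdf] + [inflate(m.group(1)) for m in STREAM_RE.finditer(pdf)]
    hits = sorted({api.decode() for api in SUSPECT_APIS for v in views if api in v})
    return {
        "has_javascript": any(b"/JavaScript" in v or b"/JS" in v for v in views),
        "suspect_apis": hits,
        "flag": bool(hits),
    }


def _build_sample(script: bytes, compress: bool) -> bytes:
    """Constructed, minimal PDF-like byte string (not a real sample)."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.7\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + filt + b"/Length " + str(len(body)).encode() +
            b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


# Constructed inputs: inert placeholder scripts that only mention the names.
BENIGN = _build_sample(b"app.alert('hello');", compress=True)
SUSPECT = _build_sample(b"/* util.readFileIntoStream ... RSS.addFeed */", compress=True)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_pdf(sample))
```

Plain name matching is a mail-gateway or file-share triage aid only: it misses scripts that build the names at runtime or sit in other stream encodings, so it does not replace applying the patch.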
Read at TechRepublic