
"Adobe's patch addresses CVE-2026-34621, a critical vulnerability that could allow arbitrary code execution through malicious PDFs, which had been actively exploited for months."
"Malicious documents employed heavily obfuscated JavaScript to gather system information, enabling attackers to decide on escalation and deploy a second-stage payload for remote code execution."
"Evidence suggests that the malicious activity related to this vulnerability has been ongoing since late 2025, allowing attackers to blend their exploits into normal Reader behavior."
"Some documents referenced oil and gas sector themes, indicating a targeted approach rather than random spam, suggesting specific interests in the victim pool."
Adobe has issued a fix for a critical zero-day vulnerability, CVE-2026-34621, affecting Acrobat and Reader on Windows and macOS. This vulnerability allowed attackers to execute arbitrary code through malicious PDFs. The patch was released after reports highlighted ongoing exploitation. Malicious documents utilized obfuscated JavaScript to gather system information and potentially escalate attacks. Evidence indicates that this malicious activity has been ongoing since late 2025, allowing attackers to evade traditional defenses. The patch addresses the vulnerability but does not mitigate prior compromises from malicious PDFs.
Read at The Register