Adobe has released an emergency security update for Acrobat Reader to fix a serious vulnerability that has been actively exploited in zero-day attacks since at least December.
The flaw, tracked as CVE-2026-34621, allows attackers to use malicious PDF files to bypass sandbox protections and access sensitive system functions.
The vulnerability makes it possible for a specially crafted PDF to trigger privileged JavaScript APIs, which can lead to arbitrary code execution. In observed attacks, the exploit was used to read and steal files from the victim’s system without requiring any action beyond simply opening the PDF.
The attack takes advantage of specific APIs such as util.readFileIntoStream to access local files and RSS.addFeed to send stolen data and fetch additional malicious code. This combination allows attackers to extract information from infected systems quietly.
The issue was discovered by security researcher Haifei Li, founder of the EXPMON exploit detection system, after a suspicious PDF file was submitted for analysis. The file, named “yummy_adobe_exploit_uwu.pdf,” had already been uploaded to VirusTotal a few days earlier, where only a small number of security tools flagged it as malicious.
Li decided to investigate further after his system’s advanced detection feature was triggered. He later shared details of the exploit in a blog post. Around the same time, another researcher known as Gi7w0rm identified real-world attacks using documents written in Russian, themed around the oil and gas industry.
After receiving the report, Adobe released a security bulletin and assigned the vulnerability its official CVE identifier. The flaw was initially rated critical with a score of 9.6, but Adobe later adjusted the severity to 8.6 after changing the attack classification from network-based to local.
The vulnerability affects multiple versions of Acrobat and Acrobat Reader on both Windows and macOS. Adobe has released fixes in updated versions and is urging users to install them immediately.
Users can update their software through the built-in update option or download the latest installer from Adobe’s official website. Since no workarounds or temporary fixes are available, applying the update is the only way to stay protected.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Adobe also advises users to remain cautious when opening PDF files from unknown sources and to use secure environments when dealing with suspicious documents.
