Adobe Releases Emergency Patch for Critical Zero-Day Flaw in Acrobat and Reader

Adobe has issued an urgent security update to fix a critical zero-day vulnerability affecting Acrobat and Reader on both Windows and macOS platforms.

The flaw, tracked as CVE-2026-34621, is currently being actively exploited in the wild, prompting Adobe to classify it with a Priority 1 severity rating.

Vulnerability Overview

This vulnerability is categorized as a Prototype Pollution flaw (CWE-1321), also known as “Improperly Controlled Modification of Object Prototype Attributes.” It occurs when an application accepts input that modifies object attributes without properly validating or controlling changes to the prototype chain.

If exploited successfully, this flaw can allow attackers to execute arbitrary code within the context of the current user’s session. However, successful exploitation requires user interaction—specifically, the victim must open a maliciously crafted PDF file.

CVSS Score Update

Initially rated at 9.6 with a network-based attack vector, Adobe updated the CVSS base score to 8.6 on April 12, 2026. The revised score reflects a local attack vector (AV:L), indicating that exploitation typically requires user interaction from within the system.

Discovery and Exploitation

The vulnerability was discovered by Haifei Li, founder of EXPMON, who received official recognition for the finding. According to reports, this flaw enables attackers to embed and run malicious JavaScript directly within compromised PDF documents.

Threat intelligence suggests that this zero-day exploit may have been in use since late 2025, underscoring the urgency of patching.

Affected Software Versions

Systems running the following versions are vulnerable and should be updated immediately:

  • Acrobat DC (Continuous Track): Versions 26.001.21367 and earlier (Windows & macOS)
  • Acrobat Reader DC (Continuous Track): Versions 26.001.21367 and earlier (Windows & macOS)
  • Acrobat 2024 (Classic 2024 Track): Versions 24.001.30356 and earlier (Windows & macOS)

Recommended Mitigation Steps

Given that the exploit is already active in the wild, immediate action is critical for all users and organizations.

For End Users:

  • Manually check for updates by navigating to Help > Check for Updates.
  • Alternatively, download the latest installer directly from Adobe’s official Acrobat Reader Download Center.

For IT Administrators:

Adobe recommends deploying patches through standard enterprise deployment tools:

  • Windows Environments: Use AIP-GPO, bootstrappers, or SCCM/SCUP for automated distribution.
  • macOS Environments: Distribute updates using Apple Remote Desktop and SSH.

Patched Versions

The following versions resolve the vulnerability:

  • Acrobat DC (Continuous Track): Version 26.001.21411
  • Acrobat 2024 (Windows): Version 24.001.30362
  • Acrobat 2024 (macOS): Version 24.001.30360

Organizations are strongly advised to prioritize updating their Acrobat and Reader installations as soon as possible to mitigate potential threats.

Related Articles

Back to top button