
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader - gbhackers.com

gbhackers.com Archived May 12, 2026 ✓ Full text saved



By Divya, April 13, 2026

Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating from the company.

Designated as CVE-2026-34621, this vulnerability is an Improperly Controlled Modification of Object Prototype Attributes, commonly known as a Prototype Pollution flaw (CWE-1321). Based on details from the GitHub Advisory Database, this weakness occurs when an application receives upstream input that specifies attributes to be initialized in an object, but fails to control modifications to the core prototype. Successful exploitation can lead to arbitrary code execution within the context of the current user.

Exploitation requires user interaction: the victim must open a specially crafted, malicious PDF file. Although the flaw was initially scored 9.6 with a Network attack vector, Adobe revised the CVSS base score to 8.6 on April 12, 2026, officially changing the attack vector to Local (AV:L).

As reported by EXPMON founder Haifei Li, who received official credit for discovering the vulnerability, this flaw allows attackers to execute malicious JavaScript embedded directly inside the compromised PDF document. Threat intelligence indicates this zero-day vulnerability may have been leveraged in ongoing attacks since late 2025.
Users and organizations running the following software builds are currently exposed to this high-severity threat:

- Acrobat DC (Continuous Track): Version 26.001.21367 and earlier for Windows and macOS
- Acrobat Reader DC (Continuous Track): Version 26.001.21367 and earlier for Windows and macOS
- Acrobat 2024 (Classic 2024 Track): Version 24.001.30356 and earlier for Windows and macOS

Mitigation Strategies

Given the confirmed active exploitation of this zero-day bug, organizations should prioritize patching immediately. Adobe recommends the following mitigation strategies to secure environments.

End users should manually update their software installations by navigating to “Help > Check for Updates”. Systems with automatic updates enabled will receive the critical patch without requiring user intervention. Users can also download the full installer directly from the official Acrobat Reader Download Center.

For IT administrators managing large-scale enterprise environments, Adobe advises deploying the updated installers via standard deployment methodologies. For Windows networks, administrators should push the update using AIP-GPO, a bootstrapper, or SCUP/SCCM. For macOS environments, updates should be distributed using Apple Remote Desktop and SSH.

The fully patched versions that resolve this flaw are 26.001.21411 for the Continuous Track, 24.001.30362 for Acrobat 2024 on Windows, and 24.001.30360 for Acrobat 2024 on macOS.
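For fleet triage against the fixed builds listed above, the following added example (not from the article or from Adobe) classifies inventory records by track and platform. The record field names, host names and sample inventory are assumptions constructed for illustration; only the version numbers come from the article.

```javascript
// Fixed builds exactly as listed in the article (APSB26-43).
const FIXED = {
  continuous: { windows: "26.001.21411", macos: "26.001.21411" },
  classic2024: { windows: "24.001.30362", macos: "24.001.30360" },
};

// Parse "NN.NNN.NNNNN" into three integers; null for anything else.
function parseVersion(text) {
  const parts = String(text).trim().split(".");
  if (parts.length !== 3 || !parts.every((p) => /^\d+$/.test(p))) return null;
  return parts.map(Number);
}

// Negative when a < b, zero when equal, positive when a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Classify one inventory record. Any build below the fixed build is flagged,
// which is deliberately conservative for builds the article does not list.
function triage(record) {
  const fixedText = FIXED[record.track] && FIXED[record.track][record.platform];
  const installed = parseVersion(record.version);
  if (!fixedText || !installed) return "unknown";
  return compareVersions(installed, parseVersion(fixedText)) >= 0
    ? "patched"
    : "update-required";
}

// Constructed sample inventory (hypothetical hosts and field names).
const inventory = [
  { host: "ws-001", platform: "windows", track: "continuous", version: "26.001.21367" },
  { host: "ws-002", platform: "windows", track: "continuous", version: "26.001.21411" },
  { host: "mac-003", platform: "macos", track: "classic2024", version: "24.001.30356" },
  { host: "mac-004", platform: "macos", track: "classic2024", version: "24.001.30360" },
  { host: "ws-005", platform: "windows", track: "classic2024", version: "24.001.30360" },
  { host: "ws-006", platform: "windows", track: "continuous", version: "not reported" },
];

// Map each host name to its triage status.
function report(records) {
  return Object.fromEntries(records.map((r) => [r.host, triage(r)]));
}

console.log(report(inventory));
```

Host ws-005 shows why the platform matters: build 24.001.30360 is the fixed build on macOS but is still below the Windows fixed build 24.001.30362.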
    Article Info
    Source
    gbhackers.com
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    May 12, 2026
    Archived
    May 12, 2026