CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 24, 2026

Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code - CyberSecurityNews

CyberSecurityNews Archived Jun 24, 2026 ✓ Full text saved

Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code CyberSecurityNews

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeAdobe Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code By Abinaya April 15, 2026 Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful exploitation of these flaws could allow attackers to execute arbitrary code or read arbitrary files on a targeted system. While these threats carry high severity ratings, Adobe confirmed that they are not currently aware of any active exploits in the wild. Arbitrary code execution is particularly dangerous in document readers, as threat actors frequently use phishing emails to trick victims into opening weaponized files. Once a malicious PDF is opened, an attacker could silently install malware, steal sensitive data, or establish a foothold within a corporate network. Adobe Acrobat Reader Vulnerabilities The latest security patch addresses two specific vulnerabilities. Both are categorized as Improperly Controlled Modification of Object Prototype Attributes, commonly known as Prototype Pollution (CWE-1321). This type of flaw occurs when a script manipulates standard object behavior, allowing attackers to bypass security controls. The security bulletin highlights the following technical details: CVE-2026-34622: A critical vulnerability with a high CVSS base score of 8.6, allowing arbitrary code execution in the context of the current user, was reported by a security researcher known as YH from Zscaler. CVE-2026-34626: Rated as important with a CVSS base score of 6.3, this flaw could result in arbitrary file system reads and expose sensitive local data, discovered by researcher greenapple. These security flaws affect multiple tracks of Adobe’s PDF software on both Windows and macOS. Users running outdated software are at risk of potential compromise if they interact with a maliciously crafted document. The affected products include: Acrobat DC and Acrobat Reader DC (Continuous Track) versions 26.001.21411 and earlier for both Windows and macOS. Acrobat 2024 (Classic Track) version 24.001.30362 and earlier for Windows. Acrobat 2024 (Classic Track) version 24.001.30360 and earlier for macOS. Mitigations Adobe rated these updates as Priority 2, meaning no active exploits are known, but patches should be applied promptly to prevent future attacks. Adobe strongly recommends updating software installations to the newly patched versions: 26.001.21431 for the Continuous Track and 24.001.30365 for the Classic 2024 Track. Users and IT administrators can secure their environments using the following methods: Open the Adobe application and manually trigger the patch by navigating to Help and selecting Check for Updates. Rely on automatic updates if enabled, which will patch the software in the background without requiring manual user intervention. Download the latest full installer directly from the official Adobe Acrobat Reader Download Center. Deploy updates across managed enterprise environments using standard administrative tools such as SCCM for Windows or Apple Remote Desktop for macOS. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies Browser-in-the-Browser Kit Uses Fake Software Errors to Deliver Malware Installers Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users Microsoft Confirms Defender RoguePlanet 0-Day Exploit and Working to Release Patch QNAP Patches Multiple Injection Vulnerabilities Leads to Arbitrary Command Execution Latest News Cyber Security Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation Cyber Security News Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users Cyber Security News PoC Exploit Released for Microsoft Exchange Server Elevation of Privilege Vulnerability Cyber Security News Laravel Livewire Applications Compromised to Steal Credentials Exploiting RCE Vulnerability Cyber Security News Critical Webmin Vulnerabilities Allow Attackers to Impersonate as Any User
    💬 Team Notes
    Article Info
    Source
    CyberSecurityNews
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 24, 2026
    Archived
    Jun 24, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗