Adobe has released emergency out-of-band security updates for Adobe Acrobat and Reader to address a critical zero-day vulnerability (CVE-2026-34621) that has been under active exploitation for several months.
According to threat intelligence researchers, the vulnerability has likely been leveraged in the wild since November or December 2025. The flaw allows for arbitrary code execution and is particularly dangerous because it does not require extensive user interaction—simply opening a specially crafted, malicious PDF file is enough to trigger the exploit.
Initial investigations suggest that advanced persistent threat (APT) groups may be behind the targeted attacks, utilizing Russian-language lures to trick victims into opening the weaponized documents.
How to check if you’re affected
You are potentially affected if you are running unpatched versions of Adobe Acrobat or Acrobat Reader on Windows or macOS.
- Check your version: Open Adobe Acrobat or Reader. Go to Help > About Adobe Acrobat (or About Adobe Reader) to view your current version.
- Apply the update: Go to Help > Check for Updates… to download and install the latest security patch immediately.
- Enable automatic updates: To prevent future exposure, ensure that your Adobe software is configured to install updates automatically by going to Edit > Preferences > Updater.