嗯,用户让我帮忙总结一篇文章,控制在100字以内,而且不需要特定的开头。首先,我得仔细阅读这篇文章,抓住主要信息。 文章讲的是Adobe修复了一个被积极利用的Acrobat Reader漏洞,编号是CVE-2026-34621。这个漏洞属于原型污染类型,可以让攻击者执行恶意代码。Adobe已经发布了紧急更新,并提到了受影响的版本和报告漏洞的研究人员。 用户的需求是用中文总结,所以我要确保内容准确且简洁。重点包括:漏洞名称、类型、影响、修复措施以及研究人员的信息。还要注意字数限制,不能超过100字。 可能需要合并一些信息,比如受影响的版本可以简要提及,而不需要详细列出。同时,保持语句流畅自然,避免使用过于技术化的术语,让读者容易理解。 最后检查一下是否涵盖了所有关键点:Adobe修复了漏洞、漏洞类型、影响、紧急更新、CVSS评分以及研究人员的名字。这样总结出来的内容应该既全面又简洁。 </think> Adobe修复了被积极利用的Acrobat Reader漏洞CVE-2026-34621(CVSS评分8.6),该漏洞可能导致任意代码执行。该漏洞属于原型污染问题,攻击者可利用其注入恶意代码。Adobe已发布紧急更新修复此问题,并确认该漏洞在野被利用。 2026-4-12 17:47:8 Author: securityaffairs.com(查看原文) 阅读量:21 收藏
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code.
Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems, making prompt patching essential to reduce the risk of compromise.
“Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution.” reads the advisory. “Adobe is aware of CVE-2026-34621 being exploited in the wild.”
The vulnerability is an improperly controlled modification of object prototype attributes (‘Prototype Pollution’) that can lead to arbitrary code execution.
Improperly Controlled Modification of Object Prototype Attributes (often called prototype pollution) is a vulnerability mainly in JavaScript where an attacker can modify the base object prototype that many other objects inherit from. In JavaScript, objects can inherit properties from a shared prototype (like Object.prototype). If an application doesn’t properly validate input, an attacker can inject values into this prototype.
Below are the impacted versions:
Adobe acknowledged Haifei Li, founder of EXPMON, for reporting this flaw.
Li recently revealed that a zero-day flaw was exploited to run malicious JavaScript via crafted PDFs in Adobe Acrobat Reader. According to the expert, threat actors used the Adobe Reader zero-day for months to deliver a sophisticated PDF exploit.
— EXPMON (@EXPMON_) April 11, 2026Adobe has confirmed our findings and has issued an emergency security update for all Adobe Reader (and other affected products) users.https://t.co/10vjsj4MeJ
The underlying exploited zero-day vulnerability has been rated Critical (CVSS 9.6) and is tracked as CVE-2026-34621. It…
On March 26, a suspicious PDF was submitted to EXPMON and flagged by its advanced “detection in depth” feature, despite low antivirus detection (13/64 on VirusTotal).
The system marked it for manual review, highlighting potential hidden threats. EXPMON identifies exploits through automated alerts, analyst inspection of logs and indicators, and large-scale data analysis. This case shows how advanced detection can uncover sophisticated zero-day activity that traditional tools may miss, though it requires expert analysis to confirm.
The sample analyzed by the Li works as an initial exploit that abuses an unpatched Adobe Reader flaw to run privileged APIs on fully updated systems.
It uses “util.readFileIntoStream()” to read local files and collect sensitive data. Then it calls “RSS.addFeed()” to send stolen data to a remote server and receive more malicious JavaScript.
This lets attackers profile victims, steal information, and decide whether to launch further attacks, including remote code execution or sandbox escape if the target meets specific conditions.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Adobe)
如有侵权请联系:admin#unsafe.sh