Simply opening a PDF could trigger this Adobe Reader zero-day
2026-4-13 11:38:36 Author: www.malwarebytes.com

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal.

A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw (a “zero‑day”) in Adobe Acrobat Reader.

When a victim simply opens this PDF, hidden code inside it can read files that Acrobat Reader should not be allowed to access and send them to an attacker’s server. Some tests show that the exploit also lets attackers pull in additional malicious code from a remote server and run it on the victim’s machine, potentially escaping Adobe’s sandbox protections.

In its security bulletin, Adobe acknowledges that the vulnerability, tracked as CVE-2026-34621, is being exploited in the wild.

The issue impacts the following products and versions for both Windows and macOS:

  • Acrobat DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
  • Acrobat Reader DC versions 26.001.21367 and earlier (fixed in 26.001.21411)
  • Acrobat 2024 versions 24.001.30356 and earlier (fixed in 24.001.30362 for Windows and 24.001.30360 for macOS)

Exploitation requires you to open a malicious PDF, but nothing more. No extra clicks or permissions are needed. The researcher found malicious samples using this exploit dating back to November 11, 2025.

Testing showed that successful exploitation can:

  • Pull in JavaScript from a remote server and execute it inside Adobe Reader.
  • Steal arbitrary local files and send them out, proving real‑world data theft is possible even without a full remote code execution chain.

How to stay safe

The easiest way to stay safe is to install the emergency update.

The latest product versions are available to end users via one of the following methods:

  • Manually: Go to Help > Check for updates
  • Automatically: Updates install without user intervention when detected
  • Direct download: Available from the Acrobat Reader Download Center

For IT administrators (managed environments):

  • Refer to the relevant release notes for installer links
  • Deploy updates using AIP-GPO, bootstrapper, SCUP/SCCM (Windows), or Apple Remote Desktop/SSH (macOS)

If you’re unable or unwilling to update right away:

  • Be extra cautious with PDFs from unknown senders or unexpected attachments, even after patching, as attackers may pivot to new variants.
  • Use an up-to-date, real-time anti-malware solution to block known malicious servers and detect malware and exploits.
  • Carefully monitor all HTTP/HTTPS traffic for the “Adobe Synchronizer” string in the User Agent field.
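
The User Agent check in the last bullet can be run over existing proxy logs. This is an added example, not code from the article, Adobe or Malwarebytes; it assumes a forward proxy that writes combined-log-format lines, and the sample log lines, hosts and the text around the marker in each User-Agent are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# String the article says to look for; compared case-insensitively.
MARKER = "adobe synchronizer"

# Assumed layout: combined log format as written by a forward proxy.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def destination(method, target):
    """Return the destination host of a proxied request."""
    if method == "CONNECT":  # HTTPS tunnel: target is host:port
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or target).lower()

def find_hits(lines):
    """Count requests per (client, destination) whose User-Agent contains MARKER."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:  # unparseable lines are counted, not silently dropped
            skipped += 1
            continue
        if MARKER in m["ua"].lower():
            hits[(m["client"], destination(m["method"], m["target"]))] += 1
    return hits, skipped

# Constructed sample input (documentation-range IPs, example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Apr/2026:09:01:02 +0000] "GET http://updates.example.com/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '192.0.2.23 - - [13/Apr/2026:09:01:07 +0000] "POST http://files.example.net/u HTTP/1.1" 200 0 "-" "TestAgent/1.0 (Adobe Synchronizer)"',
    '192.0.2.23 - - [13/Apr/2026:09:01:09 +0000] "CONNECT files.example.net:443 HTTP/1.1" 200 0 "-" "testagent/1.0 (adobe synchronizer)"',
    '192.0.2.41 - - [13/Apr/2026:09:02:30 +0000] "GET http://cdn.example.org/s.js HTTP/1.1" 200 2048 "-" "TestAgent/1.0 (Adobe Synchronizer)"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    hits, skipped = find_hits(SAMPLE_LOG)
    for (client, host), count in sorted(hits.items()):
        print(f"{client} -> {host}: {count} request(s) with marker in User-Agent")
    print(f"{skipped} line(s) could not be parsed")
```

For HTTPS, the proxy sees the User-Agent only on the CONNECT request or when TLS inspection is in place, so a clean result on tunnelled traffic does not rule the string out.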

About the author

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.


Article source: https://www.malwarebytes.com/blog/news/2026/04/simply-opening-a-pdf-could-trigger-this-adobe-reader-zero-day