Adobe rushes emergency Acrobat Reader patch after months-long PDF zero-day attacks
Adobe released emergency patches for Acrobat and Reader after attackers exploited CVE-2026-34621, a PDF flaw abused for at least four months. U.S. authorities added the bug to CISA’s Known Exploited Vulnerabilities catalog on April 13, requiring federal agencies to patch by April 27. The flaw enables remote code execution and sandbox escapes via malicious PDFs. Attacks used Russian-language lures tied to Russia’s oil and gas sector.