Code Defence Cyber security

Adobe Reader zero-day CVE-2026-34621 confirmed active in wild since November 2025

A critical prototype pollution vulnerability in the world's most popular PDF reader was weaponized months before its public disclosure. This zero-day allows for arbitrary code execution on Windows and macOS systems simply by opening a maliciously crafted PDF document.

Tracked as CVE-2026-34621, the flaw resides in the JavaScript engine of Adobe Acrobat and Reader. Threat intelligence indicates that the vulnerability has been under active exploitation by advanced persistent threat actors since at least November 2025. The exploit specifically targets the application objects and properties to bypass standard sandboxing and execute unauthorized JavaScript on the host system.

The five-month exposure window for this zero-day demonstrates the strategic advantage attackers maintain when targeting core productivity tools. Because PDF readers are often excluded from aggressive application control policies in the enterprise, they remain a reliable and stable vehicle for long-term espionage.

– Force update all Adobe Acrobat and Reader installations to version 26.001.21411 or higher immediately.

– Utilize MDM to disable JavaScript and unauthorized API calls within PDF readers across the managed enterprise fleet.

– Deploy secure email gateways to pre-scan and neutralize suspicious PDF attachments before they reach the endpoint.

– Monitor EDR logs for anomalous child processes or network connections originating from Acrobat.exe or AdobeReader.app.
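
An added example (not from the original post) of the EDR check in the last recommendation: it flags child processes of the reader that fall outside a baseline. The event field names, the sample events and the list of expected child processes are assumptions to adapt to your own EDR export and fleet.

```python
# Parent process names taken from the advisory; matching is case-insensitive.
READER_PARENTS = {"acrobat.exe", "adobereader.app"}
# Assumption: children the reader normally spawns (itself, renderer helper,
# updater, sync). Build the real list from your own fleet baseline.
EXPECTED_CHILDREN = {"acrobat.exe", "acrocef.exe", "adobearm.exe", "adobecollabsync.exe"}

# Constructed process-creation events; the field names are hypothetical and
# stand in for whatever your EDR export uses.
SAMPLE_EVENTS = [
    {"host": "ws-014", "parent_image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe",
     "command_line": "AcroCEF.exe --type=renderer"},
    {"host": "ws-014", "parent_image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe /c whoami"},
    {"host": "mac-07", "parent_image": "/Applications/AdobeReader.app/Contents/MacOS/AdobeReader",
     "image": "/bin/sh", "command_line": "sh -c id"},
    {"host": "ws-020", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "command_line": "cmd.exe"},
]

def components(path):
    """Split a Windows or POSIX path into lowercased components."""
    return [c for c in path.replace("\\", "/").lower().split("/") if c]

def is_reader(path):
    """True if any path component is a reader name (covers macOS .app bundles)."""
    return any(c in READER_PARENTS for c in components(path))

def unexpected_children(events):
    """Return findings for reader-spawned processes outside the baseline."""
    findings = []
    for ev in events:
        if not is_reader(ev.get("parent_image", "")):
            continue  # only processes launched by the PDF reader matter here
        parts = components(ev.get("image", ""))
        child = parts[-1] if parts else ""  # a missing image is also reported
        if child not in EXPECTED_CHILDREN:
            findings.append({"host": ev.get("host"), "child": child,
                             "command_line": ev.get("command_line", "")})
    return findings

if __name__ == "__main__":
    for f in unexpected_children(SAMPLE_EVENTS):
        print(f"ALERT {f['host']}: reader spawned {f['child']} ({f['command_line']})")
```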

Document reader zero-days exploit the fundamental business necessity of document sharing to bypass the traditional network-layer perimeter. #CodeDefence #Adobe #ZeroDay #ThreatIntelligence