A critical prototype pollution vulnerability in the world most popular PDF reader was weaponized months before its public disclosure. This zero-day allows for arbitrary code execution on Windows and macOS systems simply by opening a maliciously crafted PDF document.
Tracked as CVE-2026-34621‚ the flaw resides in the JavaScript engine of @[Adobe](urn:li:organization:1480) Acrobat and Reader. Threat intelligence indicates that the vulnerability has been under active exploitation since late 2025 to bypass sandboxing and execute unauthorized code. CISA added this flaw to the KEV catalog this week‚ mandating urgent remediation.
The long-term concealment of this zero-day demonstrates the strategic advantage maintained by sophisticated actors when targeting core productivity tools. Because PDF readers are often excluded from aggressive application control policies‚ they remain a reliable vehicle for silent initial access and data exfiltration.
– Force update all @[Adobe](urn:li:organization:1480) Acrobat and Reader installations to the latest security version (APSB26-43) immediately.
– Utilize MDM to disable JavaScript and unauthorized API calls within PDF readers across the managed enterprise fleet.
– Deploy secure email gateways to pre-scan and neutralize suspicious PDF attachments before they reach the endpoint.
– Monitor EDR logs for anomalous child processes or network connections originating from document reader applications.
Document reader zero-days exploit the fundamental business necessity of document sharing to bypass the traditional network-layer perimeter. #CodeDefence #Adobe #ZeroDay #CISA
/