Adobe has rolled out an emergency patch for a critical security flaw in its industry-leading PDF viewing applications—Acrobat DC, Reader DC, and Acrobat 2024—one that malicious hackers have been actively exploiting for at least four months.

Tracked publicly under the identifier CVE-2026-34621, the vulnerability lets attackers remotely install malware on a victim’s device by tricking them into opening a specially modified malicious PDF file, on either Windows or macOS machines. The exploit targets unaddressed security gaps in affected versions of Adobe’s PDF reader software.

There is still no public estimate of how many users have been impacted by this ongoing hacking campaign. In an official security advisory posted to its website, Adobe confirmed it is aware the bug is being actively exploited in the wild, categorizing it as a zero-day vulnerability. This label means hackers began abusing the flaw to break into users’ devices before Adobe was able to develop a working fix.

While the identity of the group behind the campaign remains unconfirmed, the near-universal adoption of Adobe’s PDF tools makes the software a consistent high-value target for both cybercriminals and government-backed hacking groups. For years, these actors have leveraged unpatched weaknesses in Adobe’s products to steal sensitive data from end users’ devices.

Security researcher Haifei Li, who operates EXPMON—a specialized exploit detection system—discovered the vulnerability after a user uploaded a copy of the weaponized PDF containing the exploit to his malware scanning service. In a public blog post outlining the flaw, Li shared that the first copy of the malicious PDF was spotted on VirusTotal, a popular public online malware analysis platform, all the way back in late November 2025.

It remains unclear exactly what groups or individuals the hacking campaign targeted, or what the attackers’ core motives were, and Li confirmed that no additional exploit samples could be retrieved from the hackers’ backend servers. Even so, Li’s analysis shows that simply opening the malicious PDF to trigger the exploit “could lead to full control of the victim’s system,” granting attackers unrestricted access to steal a broad range of personal and sensitive data from the compromised device.

Adobe confirmed that all current versions of Acrobat DC, Reader DC, and Acrobat 2024 are impacted by the flaw, and has strongly urged all users running these apps to update their software to the latest patched versions immediately.