{"id":46273,"date":"2026-04-13T09:48:45","date_gmt":"2026-04-13T09:48:45","guid":{"rendered":"http:\/\/localhost\/?p=46273"},"modified":"2026-04-13T09:48:45","modified_gmt":"2026-04-13T09:48:45","slug":"simply-opening-a-pdf-could-trigger-this-adobe-reader-zero-day","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=46273","title":{"rendered":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54"},"content":{"rendered":"

{“lastseen”:”2026-04-13T14:10:58″,”description”:”Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal.\\n\\nA researcher analyzed a malicious PDF and found that it abused a previously unknown flaw (a \u201czero\u2011day\u201d) in Adobe Acrobat Reader.\\n\\nWhen a victim simply opens this PDF, hidden code inside it can read files that Acrobat Reader should not be allowed to access and send them to an attacker\u2019s server. Some tests show that it allows attackers to pull in additional malicious code from a remote server and run it on the victim\u2019s machine, potentially escaping Adobe\u2019s sandbox protections.\\n\\nIn its security bulletin, Adobe acknowledges that the vulnerability tracked as CVE-2026-34621, is being exploited in the wild.\\n\\nThe issue impacts the following products and versions for both Windows and macOS:\\n\\n * Acrobat DC versions 26.001.21367 and earlier (fixed in 26.001.21411)\\n * Acrobat Reader DC versions 26.001.21367 and earlier (fixed in 26.001.21411)\\n * Acrobat 2024 versions 24.001.30356 and earlier (fixed in 24.001.30362 for Windows and 24.001.30360 for macOS)\\n\\n\\n\\nExploitation requires you to open a malicious PDF, but nothing more. No extra clicks or permissions are needed. The researcher found malicious samples using this exploit dating back to November 11, 2025.\\n\\nTesting showed that a successful exploitation can:\\n\\n * Pull in JavaScript from a remote server and execute it inside Adobe Reader.\\n * Steal arbitrary local files and send them out, proving real\u2011world data theft is possible even without a full remote code execution chain.\\n\\n\\n\\n## How to stay safe\\n\\nThe easiest way to stay safe is to install the emergency update.\\n\\nThe latest product versions are available to end users via one of the following methods: \\n\\n * **Manually:** Go to Help \\u003e Check for updates\\n * **Automatically:** Updates install without user intervention when detected\\n * **Direct download:** Available from the Acrobat Reader Download Center\\n\\n\\n\\nFor IT administrators (managed environments):\\n\\n * Refer to the relevant release notes for installer links\\n * Deploy updates using AIP-GPO, bootstrapper, SCUP\/SCCM (Windows), or Apple Remote Desktop\/SSH (macOS)\\n\\n\\n\\nIf you\u2019re unable or unwilling to update right away:\\n\\n * Be extra cautious with PDFs from unknown senders or unexpected attachments, even after patching, as attackers may pivot to new variants. \\n * Use an up-to-date, real-time anti-malware solution to block known malicious servers and detect malware and exploits.\\n * Carefully monitor all HTTP\/HTTPS traffic for the \\”Adobe Synchronizer\\” string in the User Agent field.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2026-04-13T11:38:36″,”modified”:”2026-04-13T11:38:36″,”type”:”malwarebytes”,”title”:”Simply opening a PDF could trigger this Adobe Reader zero-day”,”source”:””,”references”:””,”id”:”MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[“CVE-2026-34621″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.6,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:L\/AC:L\/PR:N\/UI:R\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/04\/simply-opening-a-pdf-could-trigger-this-adobe-reader-zero-day”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-04-13T14:10:58″,”description”:”Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,81,12,15,115,13,7,11,5],"class_list":["post-46273","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-86","tag-exploit","tag-high","tag-malwarebytes","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nSimply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=46273\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-04-13T14:10:58″,”description”:”Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=46273\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-13T09:48:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54\",\"datePublished\":\"2026-04-13T09:48:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273\"},\"wordCount\":603,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-8.6\",\"exploit\",\"HIGH\",\"malwarebytes\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=46273#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273\",\"name\":\"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-13T09:48:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=46273\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=46273#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=46273","og_locale":"en_US","og_type":"article","og_title":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem","og_description":"{“lastseen”:”2026-04-13T14:10:58″,”description”:”Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked...","og_url":"https:\/\/zero.redgem.net\/?p=46273","og_site_name":"zero redgem","article_published_time":"2026-04-13T09:48:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=46273#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=46273"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54","datePublished":"2026-04-13T09:48:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=46273"},"wordCount":603,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-8.6","exploit","HIGH","malwarebytes","news","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=46273#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=46273","url":"https:\/\/zero.redgem.net\/?p=46273","name":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-13T09:48:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=46273#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=46273"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=46273#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"Simply opening a PDF could trigger this Adobe Reader zero-day_MALWAREBYTES:DDF291B8303C8EA6C638399470C04A54"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/46273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46273"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/46273\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}