Adobe has fixed a zero-day vulnerability in its PDF software that attackers exploited for months before a patch was released. The flaw allowed hackers to execute malicious code on affected systems when users opened specially crafted PDF files. Security researchers say the campaign began at least six months ago, with evidence pointing to active exploitation since November 2025.
The bug was discovered by researchers at Google’s Threat Analysis Group, who reported it to Adobe in early March. Adobe acknowledged the issue in a security bulletin published Monday and issued an emergency update for Acrobat Reader and other affected products. The company did not provide details on how many users may have been compromised, stating only that the risk was limited to users running outdated software.
The attack relied on social engineering tactics, tricking victims into opening malicious PDF files delivered via phishing emails or malicious websites. Once opened, the files exploited the vulnerability to install spyware or ransomware without requiring additional user interaction. Cybersecurity firm Mandiant confirmed seeing the exploit in the wild, noting it targeted organizations in North America and Europe.
Adobe urged all users to install the latest updates immediately. The company emphasized that unpatched versions of Acrobat Reader remain vulnerable to known attacks. Experts recommend disabling PDFs from unknown sources and using updated antivirus tools as temporary mitigations until patches are applied.
This incident follows a pattern of increasing attacks on widely used software. Earlier this year, similar zero-day flaws in Microsoft Office and Google Chrome were exploited by state-backed hacking groups.
Source: techcrunch.com