Adobe Patches Actively Exploited Zero-Day That Lingered for Months
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
Adobe develops creative, document, and commerce software, making its vulnerabilities and security advisories relevant to users and connected systems.
Search across headline titles and summaries.
Background for this topic.
Adobe software encompasses applications that create, view, and edit complex file formats such as PDFs, images, and multimedia. These files often contain embedded scripts, interactive elements, or executable code, which can introduce vulnerabilities when processed by Adobe products. Attackers exploit flaws in file parsing or script execution to trigger memory corruption or remote code execution, potentially compromising systems that open maliciously crafted files.
Security risks focus on timely patching of vulnerabilities in Adobe readers, editors, and browser plugins to prevent exploitation. Organizations should restrict file access, especially from untrusted sources, and monitor for suspicious activity related to Adobe file handling. Maintaining updated software and applying vendor advisories promptly reduces exposure to targeted attacks leveraging Adobe’s complex file processing capabilities.
Weekly headline count for the current query.
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.
CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform.
Adobe patched CVE-2023-26360 in March amid active exploit activity targeting the flaw.
CISA flags use-after-free bug now being exploited in the wild.
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.
CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.