Adobe Acrobat Reader Faces Unpatched Zero-Day Flaw Enabling Sensitive Data Theft from Malicious PDFs

BleepingComputer reports a critical flaw in Adobe Acrobat Reader that attackers can use to access confidential information.

According to security expert Haifei Li, cybercriminals have exploited this advanced PDF-based technique, resembling fingerprinting, starting from December—spanning more than four months now.

Li notes that the method relies on an unpatched zero-day issue affecting the most recent Adobe Reader version, activating solely upon viewing a PDF with no further user input needed. Alarmingly, it enables attackers to gather local data and possibly initiate remote code execution or sandbox escape maneuvers, potentially granting complete access to the affected device.

Essentially, simply accessing a compromised PDF can leave a user's computer vulnerable to intrusion, allowing data extraction or arbitrary code deployment for total system dominance.

Adobe Reader users should refrain from viewing PDFs from unreliable origins until a fix is released—a prudent practice regardless of this specific risk.

The piece first ran in our affiliate outlet PC för Alla, adapted and translated from its Swedish version.

Mikael covers developments in various consumer technology sectors. With past experience at Macworld, he now focuses on contributions to affiliated platforms like PC för Alla and M3, staying well-informed on new device launches, streaming platform updates, and emerging AI technologies.