Adobe Reader Zero-Day Exploited Since December

That PDF your colleague just sent you? You might want to think twice before opening it. Security researchers discovered attackers have been exploiting a zero-day vulnerability in Adobe Reader for the past four months.

Here's what's happening: Since December 2025, hackers have been using specially crafted PDF files to break into computers. When you open one of these infected PDFs in Adobe Reader or Acrobat, the attackers can run malicious code on your machine.

You read that right. Four months.

Why This Matters Right Now

You probably use PDFs every day. Invoices, contracts, reports - they're the universal format for sharing documents. That's exactly why this vulnerability is so dangerous.

The attack works like this: Someone sends you what looks like a normal PDF. Maybe it's disguised as a quarterly report or a shipping receipt. You open it in Adobe Reader. That's all it takes. The vulnerability lets attackers execute code on your computer without you clicking anything else.

Multiple cybersecurity publications reported the exploitation campaign in April 2026, according to BleepingComputer and SecurityWeek. But the attacks have been happening since December.

Four months of active exploitation before anyone noticed. That's the scary part.

Who's at Risk?

If you have Adobe Reader or Adobe Acrobat installed, you're vulnerable. That's most of us.

Security researchers identified ongoing exploitation through targeted PDF campaigns. The word "targeted" matters here. This isn't random spray-and-pray malware. Attackers are choosing their victims.

Think about who might target you with a malicious PDF:

• A competitor wanting your business plans
• Cybercriminals after your banking credentials
• Nation-state actors interested in your employer's data

The vulnerability affects both Adobe Reader and Acrobat products. If you use either one to open PDFs, you need to pay attention.

What Adobe Isn't Telling You Yet

Here's what we don't know: When will Adobe patch this?

The company hasn't announced a timeline. They haven't even confirmed the vulnerability publicly. Meanwhile, attackers keep exploiting it.

This silence creates a problem. You can't patch what hasn't been fixed. You can't update to a version that doesn't exist yet.

Zero-day vulnerabilities get their name because defenders have "zero days" to prepare before attacks start. But this one's been active for months. Every PDF you open could be the one.

Here's the Move

You can't wait for Adobe. Here's what to do today:

First, change how you handle PDFs. Don't open PDFs directly in Adobe Reader unless you absolutely trust the source. And I mean really trust - not just "this email looks legitimate."

Second, use your browser instead. Chrome, Firefox, and Edge all have built-in PDF viewers. They're not perfect, but they add a layer of separation between the PDF and your system. Upload suspicious PDFs to Google Drive or Office 365 and view them there.

Third, enable Protected Mode if you must use Adobe Reader. Go to Edit > Preferences > Security (Enhanced) and check "Enable Protected Mode at startup." It's not foolproof against zero-days, but it's better than nothing.

Finally, watch for Adobe's security bulletin. Check Adobe's security page daily. When the patch drops, install it immediately. Not tomorrow. Not after lunch. Immediately.

This vulnerability has been in the wild since December. Every day you wait is another day you're exposed.

The move? Stop treating PDFs like they're harmless. They're not. Not anymore.

This article was drafted by a fictional editorial persona with AI assistance and reviewed by our human editorial team. Sources are cited throughout. How we use AI · Editorial standards