Adobe has issued an urgent security update on April 14, 2026, to tackle several vulnerabilities in Acrobat and Reader software for both Windows and macOS platforms. This latest bulletin emphasizes the need for immediate action to prevent potential exploitation.
Understanding the Security Threat
According to Adobe’s advisory, these vulnerabilities could permit attackers to execute arbitrary code or access unauthorized files on targeted systems. Although the vulnerabilities are considered highly severe, there have been no reports of active exploits to date.
The risk of arbitrary code execution is significant, especially in document readers. Attackers often use phishing tactics, sending malicious PDFs that, when opened, can install malware or extract sensitive data, potentially compromising entire networks.
Details of the Vulnerabilities
The security patch addresses two main vulnerabilities, classified under the category of Prototype Pollution (CWE-1321). This flaw occurs when scripts alter standard object behavior, potentially bypassing security measures.
The vulnerabilities include CVE-2026-34622, assigned a high CVSS score of 8.6, which allows code execution in the user’s context. This was reported by a security expert from Zscaler known as YH. Additionally, CVE-2026-34626, with a CVSS score of 6.3, enables unauthorized file reads, as discovered by researcher greenapple.
Impacted Software Versions and Recommended Actions
These security flaws affect various versions of Adobe’s PDF software on Windows and macOS. Specifically, affected versions include Acrobat DC and Acrobat Reader DC (Continuous Track) up to version 26.001.21411, and Acrobat 2024 (Classic Track) up to versions 24.001.30362 for Windows and 24.001.30360 for macOS.
Adobe advises users to upgrade to versions 26.001.21431 for the Continuous Track and 24.001.30365 for the Classic 2024 Track. Users can update their installations by accessing the ‘Check for Updates’ option in the application help menu, or rely on automatic updates if enabled.
For enterprise environments, updates can be deployed using administrative tools like SCCM for Windows or Apple Remote Desktop for macOS. Ensuring that software is up-to-date is crucial to protect against potential threats.
Keeping abreast of the latest cybersecurity news is vital. Follow us on platforms like Google News, LinkedIn, and X for regular updates on cybersecurity developments.
