Full Report
Adobe Acrobat security advisory (AV26-340)
Analysis Summary
# Vulnerability: Adobe Acrobat and Reader Critical Memory Corruption
## CVE Details
- **CVE ID:** CVE-2026-34621
- **CVSS Score:** 7.8 (High) - *Estimated based on typical critical memory corruption ratings; official score pending at time of advisory.*
- **CWE:** Not explicitly listed (typically associated with CWE-416 Use After Free or CWE-119 Buffer Overflow).
## Affected Systems
- **Products:** Adobe Acrobat (Standard/Pro), Acrobat DC, and Acrobat Reader DC.
- **Versions:**
  - Acrobat Mac: Versions prior to 24.001.30360
  - Acrobat Windows: Versions prior to 24.001.30362
  - Acrobat DC: Versions prior to 26.001.21411
  - Acrobat Reader DC: Versions prior to 26.001.21411
- **Configurations:** Default installations on Windows and macOS.
## Vulnerability Description
CVE-2026-34621 is a critical memory corruption vulnerability. While the advisory does not specify the exact mechanism, such flaws in Adobe Acrobat usually involve the improper handling of objects in memory during the parsing of malicious PDF content. Successful exploitation allows an attacker to execute arbitrary code (RCE) in the context of the current user.
## Exploitation
- **Status:** **Exploited in the wild.** Active exploitation has been reported.
- **Complexity:** Medium (requires user interaction to open a malicious file).
- **Attack Vector:** Network (Remote via malicious PDF).
## Impact
- **Confidentiality:** High (Full access to user data)
- **Integrity:** High (Execution of unauthorized commands)
- **Availability:** High (Potential for system crash or persistent malware)
## Remediation
### Patches
Adobe recommends updating to the following versions or higher:
- **Acrobat Mac:** 24.001.30360
- **Acrobat Windows:** 24.001.30362
- **Acrobat/Reader DC:** 26.001.21411
Updates can be applied via the application's internal update mechanism: `Help > Check for Updates`.
### Workarounds
- **Strict PDF Handling:** Disable the "Open PDF in Browser" functionality so that web-hosted PDFs are not opened automatically.
- **Protected Mode:** Ensure Adobe "Protected Mode" and "Enhanced Security" (Sandboxing) are enabled in the application preferences.
## Detection
- **Indicators of Compromise:** Unusual child processes spawned by `Acrobat.exe` or `AcrobatReader.exe` (e.g., `cmd.exe` or `powershell.exe`).
- **Detection methods and tools:** Use EDR (Endpoint Detection and Response) tools to monitor for crashes in Adobe processes followed by unexpected network activity.
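The parent/child indicator above can be checked over exported process-creation events. The following is an added example, not part of the advisory or any vendor tooling. It assumes events are available as dictionaries with Sysmon-style `ParentImage` and `Image` fields, and the sample events are constructed.

```python
import ntpath

# Parent images named on this page; extend to match the binaries you deploy.
ACROBAT_PARENTS = {"acrobat.exe", "acrobatreader.exe"}
# Child processes the page gives as examples of unusual spawns.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe"}


def image_name(image_path):
    """Lower-cased file name of a Windows image path (works on any OS)."""
    return ntpath.basename(image_path.strip().strip('"')).lower()


def flag_suspicious_spawns(events):
    """Return the events in which an Acrobat process started a shell."""
    hits = []
    for ev in events:
        parent = image_name(ev.get("ParentImage", ""))
        child = image_name(ev.get("Image", ""))
        if parent in ACROBAT_PARENTS and child in SUSPICIOUS_CHILDREN:
            hits.append(ev)
    return hits


# Constructed sample events (assumed field names follow Sysmon Event ID 1).
SAMPLE_EVENTS = [
    # Acrobat starting a command shell: flagged.
    {"UtcTime": "2026-01-01 10:00:01",
     "ParentImage": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    # Same pattern with different casing and the other parent name: flagged.
    {"UtcTime": "2026-01-01 10:00:05",
     "ParentImage": r"C:\APPS\ADOBE\ACROBATREADER.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\POWERSHELL.EXE"},
    # Acrobat starting one of its own helpers: not flagged.
    {"UtcTime": "2026-01-01 10:01:00",
     "ParentImage": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe",
     "Image": r"C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"},
    # A shell started from the desktop, unrelated to Acrobat: not flagged.
    {"UtcTime": "2026-01-01 10:02:00",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for hit in flag_suspicious_spawns(SAMPLE_EVENTS):
        print(hit["UtcTime"], image_name(hit["ParentImage"]), "->", image_name(hit["Image"]))
```

Matching is on the file name only, so a renamed binary evades it; treat hits as triage leads to correlate with the crash and network signals listed above.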
## References
- **Vendor Advisory (APSB26-43):** hxxps[://]helpx[.]adobe[.]com/security/products/acrobat/apsb26-43[.]html
- **Adobe Security Document:** hxxps[://]helpx[.]adobe[.]com/security[.]html
- **CCCS Bulletin:** hxxps[://]www[.]cyber[.]gc[.]ca/en/alerts-advisories/adobe-acrobat-security-advisory-av26-340