Adobe Reader users beware — experts flag months-old security flaw using booby-trapped PDFs to scope out victims


  • Experts find Adobe Reader hit by dangerous zero‑day exploit
  • Malicious PDFs enable data theft and possible full takeover
  • Patch pending, users urged to avoid untrusted files

Adobe Reader users have been warned to be careful with unsolicited documents arriving via email and social channels, as the popular PDF reader is vulnerable to a zero-day flaw which allows hackers to steal sensitive files and, in some scenarios, even fully take over the device.

Security researcher Haifei Li found a “highly sophisticated, fingerprinting-style PDF exploit” that has been leveraged in the wild since December 2025, with attacks still ongoing.

"This 'fingerprinting' exploit has been confirmed to leverage a zero-day/unpatched vulnerability that works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file," Li said. "Even more concerning, this exploit allows the threat actor to not only collect/steal local information but also potentially launch subsequent RCE/SBX attacks, which could lead to full control of the victim's system."


Targeting Russians

A separate report from an analyst with the alias Gi7w0rm says that the PDF lure being used in these attacks references ongoing events in the Russian oil and gas industry, and that it was written in Russian, suggesting who the targets might be.

Adobe is yet to release a patch to address this issue, and until that happens all Adobe Reader users are advised not to open PDF documents from untrusted contacts.

BleepingComputer notes network defenders can also mitigate attacks exploiting this vulnerability by monitoring and blocking HTTP/HTTPS traffic with the “Adobe Synchronizer” string in the User-Agent header.
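As an added illustration of that monitoring step (not code from BleepingComputer, the researcher or Adobe), the sketch below scans proxy access logs for the “Adobe Synchronizer” User-Agent string and groups hits by client host. The combined log format, the sample lines, the host names and the function name `find_hits` are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Indicator named in the article: a substring of the User-Agent header.
UA_INDICATOR = "adobe synchronizer"

# Assumption: the proxy writes Apache/NGINX-style "combined" access logs.
COMBINED = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (not real traffic); all hosts are placeholders.
SAMPLE_LOG = """\
10.0.4.17 - - [02/Mar/2026:09:14:07 +0000] "GET http://files.example.net/a HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.4.22 - - [02/Mar/2026:09:15:41 +0000] "POST http://collector.example.org/u HTTP/1.1" 200 87 "-" "Adobe Synchronizer"
10.0.4.22 - - [02/Mar/2026:09:15:44 +0000] "CONNECT collector.example.org:443 HTTP/1.1" 200 0 "-" "Mozilla/3.0 (compatible; adobe synchronizer 25.1)"
this line is malformed and must be skipped
10.0.4.31 - - [02/Mar/2026:09:20:02 +0000] "GET http://updates.example.com/x HTTP/1.1" 304 0 "-" "curl/8.5.0"
"""


def find_hits(log_text):
    """Return (hits_by_client, skipped_line_count) for flagged User-Agents."""
    hits = defaultdict(list)
    skipped = 0
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if m is None:
            skipped += 1  # unparsed lines are a blind spot, so count them
            continue
        # Case-insensitive substring match, so variants of the string still hit.
        if UA_INDICATOR in m["ua"].lower():
            hits[m["client"]].append((m["ts"], m["method"], m["url"], m["ua"]))
    return dict(hits), skipped


if __name__ == "__main__":
    hits, skipped = find_hits(SAMPLE_LOG)
    for client, events in hits.items():
        print(f"{client}: {len(events)} request(s) with flagged User-Agent")
        for ts, method, url, ua in events:
            print(f"  {ts} {method} {url} UA={ua!r}")
    print(f"unparsed lines: {skipped}")
```

For HTTPS traffic the header is only visible where the proxy terminates or inspects TLS, so a clean result from logs without that visibility does not rule out affected hosts.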

"This zero-day/unpatched capability for broad information harvesting and the potential for subsequent RCE/SBX exploitation is enough for the security community to remain on high alert. This is why we have chosen to publish these findings immediately so users can stay vigilant," the researcher concluded.



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
