CRITICAL 2026-04-11

CRITICAL: Unpatched Zero-Day Vulnerability in Adobe Reader (Actively Exploited)

A critical zero-day vulnerability in Adobe Acrobat Reader allows attackers to steal sensitive data and execute malicious code simply by opening a PDF file. Currently, no official security update (patch) exists.

What happened?

A zero-day vulnerability has been discovered in the globally used Adobe Acrobat Reader software, which is already being actively exploited in cyberattacks. The exploit targets a flaw within Adobe's JavaScript engine.

As soon as a user opens a specially crafted PDF file, the malware uses privileged interfaces (APIs such as util.readFileIntoStream) to access the local file system. It can covertly read files and transmit them to external servers via an integrated feed function. Because the attack triggers when the document is opened, without requiring the user to click any links or provide further input, the success rate for phishing campaigns is extremely high.

Who is affected?

  • All Windows users running Adobe Acrobat Reader or Adobe Acrobat Pro.
  • SMEs in CH/FL: Departments with a high volume of external documents (Human Resources/HR, Accounting, Procurement) are particularly at risk.
  • Specifics: While early campaigns featured Russian-language decoys (Oil & Gas sector), the exploit can be adapted at any time for general "invoice phishing" waves targeting Switzerland and Liechtenstein.

What needs to be done?

Since no patch is currently available, SMEs must implement immediate protective measures (workarounds):
  1. Temporary Software Switch: Use alternative PDF viewers for the time being (e.g., the integrated PDF viewers in Google Chrome, Microsoft Edge, or Firefox). These generally do not support the affected Adobe-specific JavaScript functions.
  2. Disable JavaScript: If Adobe Reader must be used, disable JavaScript entirely:
     Menu → Edit → Preferences → JavaScript → Uncheck 'Enable Acrobat JavaScript'.
  3. Sharpen Email Filters: Configure your email gateway to strictly inspect PDF attachments from unknown or external sources, or to open them in an isolated sandbox environment.
  4. Warn Employees: Instruct your team not to open PDF documents from unknown senders (especially supposed invoices or applications) until further notice.
  5. Monitoring: Monitor outgoing network traffic for suspicious connections to unknown IP addresses immediately after documents are opened.
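As an illustration of the attachment inspection in step 3, the following added example (not part of the original advisory and not vendor code) triages a PDF by scanning its raw bytes for script actions, automatic triggers and the API named above. The function names, verdict labels and sample byte strings are assumptions constructed for this sketch; names inside compressed object streams are invisible to a raw scan, so such files are routed to the sandbox rather than cleared.

```python
import re

SCRIPT_NAMES = {"JS", "JavaScript"}          # script actions
AUTO_NAMES = {"OpenAction", "AA"}            # actions that fire without a click
API_MARKERS = (b"util.readFileIntoStream",)  # API named in the advisory

NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript is read as JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Classify one attachment from a raw byte scan (hypothetical gateway hook)."""
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}
    has_script = bool(names & SCRIPT_NAMES)
    auto_run = bool(names & AUTO_NAMES)
    api_hits = [m.decode() for m in API_MARKERS if m in data]
    # Compressed object streams hide names from this scan, so such files
    # cannot be cleared here (a policy choice while no patch exists).
    opaque = "ObjStm" in names
    if has_script and (auto_run or api_hits):
        verdict = "quarantine"
    elif has_script or opaque:
        verdict = "sandbox"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "script": has_script, "auto_run": auto_run,
            "api_hits": api_hits, "opaque": opaque}


# Constructed sample inputs (fragments, not real documents or real samples).
SAMPLE_PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_AUTO_JS = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
                  b"3 0 obj\n<< /S /J#61vaScript /JS (...) >>\nendobj\n")
SAMPLE_OBJSTM = b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /N 3 /First 20 >>\nstream\n...\nendstream\n"

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("auto-js", SAMPLE_AUTO_JS),
                        ("objstm", SAMPLE_OBJSTM)]:
        print(label, triage_pdf(blob))
```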

This advisory is for informational purposes. As soon as Adobe releases a security update, we will inform you immediately regarding the installation steps.