Adobe Reader users beware – experts flag month-old security flaw using booby-trapped PDFs to explore victims

Experts find that Adobe Reader is affected by dangerous zero-day exploits
Malicious PDFs enable data theft and possible full takeover
Patch pending, users urged to avoid untrusted files

Adobe Reader users have been warned to be wary of unsolicited documents coming in via email and social channels, as the popular PDF reader is vulnerable to a zero-day flaw that allows hackers to steal sensitive files and, in some scenarios, even take over your device entirely.

Security researcher Haifei Li found that a “highly sophisticated, fingerprint-like PDF exploit” has been exploited in the wild since December 2025, with attacks still currently underway.

“This ‘fingerprint’ exploit has been confirmed to exploit a zero-day/unpatched vulnerability that works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file,” Li said. “Even more concerning, this exploit allows the threat actor to not only collect/steal local information, but also potentially launch subsequent RCE/SBX attacks, which could lead to full control of the victim’s system.”

The article continues below

Targeting Russians

A separate report by an analyst with the alias Gi7w0rm says that the PDF decoy used in these attacks refers to ongoing events in the Russian oil and gas industry and that it was written in Russian, suggesting who the targets may be.

Adobe has not yet released a patch to fix this issue, and until that happens, all Adobe Reader users are advised not to open PDF documents from untrusted contacts.

Bleeping Computer notes that network defenders can also mitigate attacks that exploit this vulnerability by monitoring and blocking HTTP/HTTPS traffic with the “Adobe Synchronizer” string in the User-Agent header.

“This zero-day/unpatched capability for broad information gathering and the potential for subsequent RCE/SBX exploitation is enough for the security community to remain on high alert. That’s why we’ve chosen to publish these findings immediately so users can remain vigilant,” the researcher concluded.

Sign up for the TechRadar Pro newsletter to get all the best news, opinions, features and guidance your business needs to succeed!

The best antivirus for all budgets

Our top picks are based on real-world tests and comparisons

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!

And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.

Must Read

Leave a Comment Cancel Reply