Adobe has released patches for a zero-day vulnerability in Acrobat DC, Reader DC, and Acrobat 2024 that attackers actively exploited for at least four months before disclosure.
The vulnerability affected three of Adobe's most widely used document applications, leaving millions of users exposed to potential attacks during the exploitation window.
Adobe did not immediately disclose additional technical details about the flaw, including its CVSS severity score or the specific attack methods used. The company typically provides comprehensive vulnerability information in its monthly security bulletins.
The four-month exploitation period represents a significant gap between when attackers first leveraged the flaw and when Adobe released patches. This timeline suggests the vulnerability may have been discovered through in-the-wild attacks rather than responsible disclosure channels.
Users of Acrobat DC, Reader DC, and Acrobat 2024 should prioritize applying the available patches. Adobe recommends updating to the latest versions of these applications immediately.
This incident underscores ongoing security challenges in widely deployed software. PDF readers remain frequent targets for exploitation, as they process untrusted documents from external sources. Attackers commonly use malicious PDFs as entry points for system compromise.
Adobe has faced multiple zero-day disclosures in recent years across its product portfolio. The company maintains a bug bounty program and works with security researchers to identify and patch vulnerabilities before public exploitation.
Organizations using these Adobe applications should verify patch deployment across their environments and monitor for any signs of compromise during the four-month window when the flaw was exploited in the wild.
Caller ID service Truecaller is pushing back against India's telecom regulator over new anti-spam regulations, claiming users are increasingly blocking calls from the country's dedicated business number series.
Telstra customers faced a second day of disruptions Thursday as a secondary outage prevented some from reaching triple-zero emergency services. Regional train services remained affected following Wednesday's initial mobile network failure.
Australia's government has instructed volunteers to discard thousands of functional test routers despite the devices being capable of being reflashed for continued use.
A lawsuit alleges a man used X's Grok AI to create approximately 7,000 sexually explicit images of his stepdaughter before taking his own life. Multiple young girls are now suing X, claiming the platform failed to prevent the abuse.