Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
Briefly

"The sample acts as an initial exploit with the capability to collect and leak various types of information, potentially followed by remote code execution (RCE) and sandbox escape (SBX) exploits."
"It abuses zero-day/unpatched vulnerability in Adobe Reader that allows it to execute privileged Acrobat APIs, and it is confirmed to work on the latest version of Adobe Reader."
"This mechanism could be used to collect local data, perform advanced fingerprinting attacks, and set the stage for follow-on activity, including delivering additional exploits to achieve code execution or sandbox."
A zero-day vulnerability in Adobe Reader has been exploited since December 2025 using malicious PDF files. The exploit, detailed by EXPMON's Haifei Li, involves social engineering tactics to lure users. The PDF documents execute obfuscated JavaScript to collect sensitive data and potentially allow remote code execution. The exploit abuses an unpatched vulnerability in Adobe Reader and is confirmed to work on the latest version. It can exfiltrate data to a remote server and may facilitate further exploits, although the specifics of subsequent attacks remain unclear.
Read at The Hacker News