ADOBE PATCHES ZERO-DAY EXPLOITED FOR 4 MONTHS

The vulnerability affected three of Adobe's most widely used document applications, leaving millions of users exposed to potential attacks during the exploitation window. Adobe did not immediately disclose additional technical details about the flaw, including its CVSS severity score or the specific attack methods used. The company typically provides comprehensive vulnerability information in its monthly security bulletins. The four-month exploitation period represents a significant gap between when attackers first leveraged the flaw and when Adobe released patches. This timeline suggests the vulnerability may have been discovered through in-the-wild attacks rather than responsible disclosure channels. Users of Acrobat DC, Reader DC, and Acrobat 2024 should prioritize applying the available patches. Adobe recommends updating to the latest versions of these applications immediately. This incident underscores ongoing security challenges in widely deployed software. PDF readers remain frequent targets for exploitation, as they process untrusted documents from external sources. Attackers commonly use malicious PDFs as entry points for system compromise. Adobe has faced multiple zero-day disclosures in recent years across its product portfolio. The company maintains a bug bounty program and works with security researchers to identify and patch vulnerabilities before public exploitation. Organizations using these Adobe applications should verify patch deployment across their environments and monitor for any signs of compromise during the four-month window when the flaw was exploited in the wild.