Zero-Day Vulnerability in Adobe Reader Actively Exploited in the Wild for Months

A zero-day vulnerability in Adobe Reader was actively exploited in the wild for months to deliver a sophisticated PDF-based exploit. Cybersecurity researcher Haifei Li, founder of Expmon, discovered the malicious PDF file and alerted the security community on March 26. The exploit leverages an unpatched flaw in Adobe Reader, though no CVE identifier was specified in the report. The attack involved malicious PDFs, indicating targeted or widespread distribution to compromise systems. No specific victim details or geographic targeting were disclosed. The discovery highlights ongoing risks from unpatched Adobe Reader vulnerabilities in real-world attacks.