Patch d'urgence: Adobe katsalleh Zero-Day khtir f Acrobat Reader (CVE-2026-34621)
Patch d'urgence: Adobe katsalleh Zero-Day khtir f Acrobat Reader (CVE-2026-34621)
Khulasa (TL;DR)
Adobe kherjat tahditat amniya dyal l-urjanse bach t'alaj CVE-2026-34621، li hwa mouchkil khtir dyal "prototype pollution" f Acrobat u Reader. Had l-khalal, li t-staghalla f l-waqui3 mn dushambir 2025, kismouh b 'arbitrary code execution' (khidat l-uamir l-makhbouta). Kan-neshou l-mustakhdimin f Windows u macOS idiru l-mizajur l-akhira f aqrab waqt.
Nadra 'amma 'ala CVE-2026-34621
Adobe tlqat tashi-h 'ajil l-wahed l-khagha khtir f l-logiciel dyalha l-ma'rouf Acrobat u Reader. Had l-mouchkil l-id dyalu hwa CVE-2026-34621 u 'andu skôr dyal CVSS wassel l-8.6 mn 10.0.
Had l-khagha dakhla f l-fasi-la dyal prototype pollution. Had l-naw' l-khas dyal l-mashakil l-amniya f JavaScript kikhalli l-hacker it-manipula l-objets u l-khassa-iss dyal l-application. F l-hala dyal Adobe Reader, ila t-staghalla had l-mouchkil b-najah, l-hacker iqdder itjawz l-houdoud l-amniya u ikhddem koud khtir f l-jihaz li t-stahdaf.
Stighlal f-l-waqui3 (Active Exploitation)
Hadchi machi ghi ihtimal nadari; Adobe i'tarfat rasmiyan bli had l-khagha rah kitchadd fih l-khidma f l-waqui3 (exploited in the wild). Had l-mizajur jat b'd l-taqarir dyal Haifei Li, l-bahit f l-amn l-ma'lumati u l-mou'assis dyal EXPMON, li kshaf tafassil 'ala stighlal mn naw' zero-day.
'Ala hsab l-bahitin, l-khit-a katkhdem mlli chi mustakhdim kikhall PDF mssawer khsisan bach ikhdm koud JavaScript khtir. Kaynin dlayl bli haduk li kigrisiw (threat actors) bdaw kikhdmou b had l-khagha mn dushambir 2025.
F l-bediya, kan nqiach 'ala l-at-ar dyal had l-bug. Wakha chi taqyimāt l-lowla galt bli iqdder ikun ghi fih tissrib l-maloumat, Adobe u l-bahitin dyal EXPMON akdou bli had l-khagha iqdder i-oussal l-arbitrary code execution (ACE) (ya'ni l-hacker ikhddem ay koud bgha).
Tafassil Tiqniya u Muraja'at l-Skôr
B'd l-ikchaf l-awal, Adobe raj'at l-bayan l-amni dyalha f 12 abril 2026. Had l-muraja'a kan fih-ha juj dyal l-taghyirat l-muhimma:
- T'dil l-Skôr dyal CVSS: L-skôr hbet mn 9.6 l- 8.6.
- Attack Vector (Tariqat l-hujum): T-badal l-tassnif mn "Réseau" (Network/AV:N) l- "Local" (AV:L), hit l-amr kiy-t-leb mn l-mustakhdim it-fat' ma' chi fichié khtir f jihazu.
L-muntajat li m-adrira
Had l-khagha kat-at-ar 'ala l-versions dyal Windows u macOS dyal had l-muntajat:
- Acrobat DC / Acrobat Reader DC: Versions 26.001.21367 u li qbel.
- Acrobat 2024: Versions 24.001.30356 u li qbel.
L-hal: L-mizajur l-darouriya
Adobe kherjat had l-patchat bach t-hall l-mouchkil. L-mustakhdimin khasshoum it-akdou bli l-logiciel dyalhoum m-updati l-had l-versions (aw ma k-tar):
| Muntaj | l-Platform | l-Version li mssalha |
|---|---|---|
| Acrobat DC / Reader DC | Windows & macOS | 26.001.21411 |
| Acrobat 2024 | Windows | 24.001.30362 |
| Acrobat 2024 | macOS | 24.001.30360 |
Khilassa
L-iktichaf dyal CVE-2026-34621 kibayyen l-khatar l-mustamir dyal l-fichiét PDF l-malghouma. Hit had l-khagha katsmeh b khidat l-uamir l-makhbouta u rah m-staghalla déjà mn taraf l-hackers, l-update l-fawriya hiya l-hima-ya l-wahida li moumtika. Khass l-moudirin dyal l-andit-ma u l-mustakhdimin l-'adiyin i-shoufou l-version dyal Adobe li 'andhoum u idiru had l-mizajur d l-urjanse bach ihmiw ryoushoum mn l-ikhtiraq.
L-masdar: https://thehackernews.com/2026/04/adobe-patches-actively-exploited.html