Attacks on PDF certification

At the „IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy 2021“ we pu­blis­hed a new paper on PDF se­cu­ri­ty: „Brea­king the Spe­ci­fi­ca­ti­on: PDF Cer­ti­fi­ca­ti­on„.

We pre­sent two novel at­tacks on cer­ti­fied do­cu­ments: Sne­aky Si­gna­tu­re and Evil An­no­ta­ti­on At­tack. We also de­mons­tra­te how an at­ta­cker can gain rights to exe­cu­te ar­bi­tra­ry Ja­va­Script code in Adobe Acro­bat.

More in­for­ma­ti­on can be found on pdf-in­se­cu­ri­ty.​org and in our blog­post „At­tacks on PDF Cer­ti­fi­ca­ti­on„.