At the „IEEE Symposium on Security and Privacy 2021“ we published a new paper on PDF security: „Breaking the Specification: PDF Certification„.
We present two novel attacks on certified documents: Sneaky Signature and Evil Annotation Attack. We also demonstrate how an attacker can gain rights to execute arbitrary JavaScript code in Adobe Acrobat.
More information can be found on pdf-insecurity.org and in our blogpost „Attacks on PDF Certification„.