Flash news!! Cyber security researchers have disclosed two new attack techniques on certified PDFs that do not invalidate their signatures.
Cyber security researchers from Ruhr-University Bochum have reported two new attack techniques on certified PDF documents, in which an attacker can display malicious content on top of the certified content without invalidating its signature.
The research papers were presented at the 42nd IEEE Symposium on Security and Privacy, which was held this week. The researchers have systematically analyzed PDF certification and identified two techniques, named the “Evil Annotation Attack” (EAA) and the “Sneaky Signature Attack” (SSA).
The researchers stated: “The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels. Our practical evaluation shows that an attacker could change the visible content in 15 of 26 viewer applications by using EAA and in 8 applications using SSA by using PDF specification compliant exploits. We improved both attacks’ stealthiness with applications’ implementation issues and found only two applications secure to all attacks.”
The researchers have reported these vulnerabilities to the relevant vendors and stated: “Together with the CERT-Bund (BSI), The attacks are documented in CVE-2020-35931, CVE-2021-28545 and CVE-2021-28546.”
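Because both techniques add content to a document after it has been certified, a reviewer can check whether anything follows the certified byte range. The Python sketch below is an added example, not code from the researchers or from any PDF viewer. It assumes the first `/ByteRange` belongs to the certifying signature and that the DocMDP `/TransformParams` dictionary is stored inline; the function names and the sample bytes are constructed for illustration.

```python
import re

# Heuristic byte-level patterns; objects inside compressed streams are not seen.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
DOCMDP_P = re.compile(rb"/TransformParams\s*<<[^>]*?/P\s+([123])")
ANNOT = re.compile(rb"/Type\s*/Annot\b")
SIG_FIELD = re.compile(rb"/FT\s*/Sig\b")

def audit_certified_pdf(data: bytes) -> dict:
    """Summarise what was appended after the first signature's signed range."""
    m = BYTE_RANGE.search(data)
    if m is None:
        return {"signed": False}
    _, _, start2, len2 = (int(g) for g in m.groups())
    signed_end = start2 + len2          # end offset of the signed byte range
    tail = data[signed_end:]            # incremental updates added afterwards
    p = DOCMDP_P.search(data[:signed_end])
    return {
        "signed": True,
        # DocMDP /P: 1 = no changes, 2 = form filling and signing, 3 = 2 plus annotations
        "docmdp_p": int(p.group(1)) if p else None,
        "bytes_after_signature": len(tail),
        "annotations_added": len(ANNOT.findall(tail)),
        "signature_fields_added": len(SIG_FIELD.findall(tail)),
    }

def build_sample(tail: bytes = b"") -> bytes:
    """Constructed PDF-like bytes; /Contents is filler, not a real signature."""
    head = (b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /Reference [<< /TransformMethod "
            b"/DocMDP /TransformParams << /P 3 >> >>] "
            b"/ByteRange [0 00000 00000 00000] /Contents ")
    gap = b"<" + b"00" * 16 + b">"      # excluded from the signed byte range
    rest = b" >>\nendobj\n%%EOF\n"
    rng = b"[0 %05d %05d %05d]" % (len(head), len(head) + len(gap), len(rest))
    return head.replace(b"[0 00000 00000 00000]", rng) + gap + rest + tail

if __name__ == "__main__":
    update = b"9 0 obj\n<< /Type /Annot /Subtype /FreeText >>\nendobj\n%%EOF\n"
    print(audit_certified_pdf(build_sample()))
    print(audit_certified_pdf(build_sample(update)))
```

A non-zero count of added annotations or signature fields does not prove tampering, since the permission level may allow them; it marks a certified document whose visible content should be compared with the certified revision.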