PDF Feature ‘Certified’ Widely Vulnerable to Attack
#1
Information 
Quote:Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’ integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks.
 
Researchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature. Certification signatures are the more flexible and made to handle complicated agreements between multiple parties and allow some changes to the document within a set of parameters while still maintaining its validity.

Unsurprisingly, Certified signatures are where the team found vulnerabilities to two specific novel attacks they dubbed, “Evil Annotation” (EAA) and “Sneaky Signature” (SSA). Both allow an attacker to overlay malicious content (PDF) on top of the certified information without showing any signs it was altered.
 
EAAs display malicious content in the document’s annotations and then sends it on with its digital signature intact. SSAs add malicious content over legitimate content in the PDF itself.
 
The team said the results of its evaluation of the 26 most popular PDF applications were “alarming.”
 
“In only 2 cases, we could not find a vulnerability; 15 viewers were vulnerable to EAA, 8 to SSA, including Adobe, Foxit, and LibreOffice,” the report said. “We additionally analyzed the standard-compliant implementation of PDF certification applications and found issues in 11 of them.”

Read more: PDF Feature ‘Certified’ Widely Vulnerable to Attack | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
ESET 19.2.7.0
Changes in 19.2.7....harlan4096 — 07:45
Mozilla Firefox Browser 152.0.4
Mozilla Firefox Br...harlan4096 — 07:44
Avast 26.6.11052 & AVG 26.6.11052
Avast 26.6.11052: ...harlan4096 — 07:43
AnyDesk 8.0.4 for Linux
Version 8.0.4 for ...harlan4096 — 07:40
Rufus 4.15
Rufus 4.15 (stable...harlan4096 — 07:39

[-]
Birthdays
Today's Birthdays
avatar (43)uapedDow
avatar (47)suiscced
avatar (48)Angarpaf
avatar (41)clarissalo60
Upcoming Birthdays
avatar (47)dapedDow
avatar (49)TromPerl
avatar (46)RidgeDimb
avatar (37)ipumaqar
avatar (51)tanliorsPeri
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (48)ConradRoand
avatar (39)boineDon
avatar (51)spoofTum
avatar (50)WillieVot
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (41)optsaZes
avatar (40)RaymondViata
avatar (40)ywixazok
avatar (38)ixoqe
avatar (56)Step 1
avatar (36)pa.OpenTran

[-]
Online Staff
harlan4096's profile harlan4096
Administrator

>