Attacks on PDF Certification

25.05.2021 - Simon Rohlmann

At the "IEEE Symposium on Security and Privacy 2021" we published a new paper on PDF security: "Breaking the Specification: PDF Certification".

We present two novel attacks on certified documents: Sneaky Signature and Evil Annotation Attack. We also demonstrate how an attacker can gain rights to execute arbitrary JavaScript code in Adobe Acrobat.

More information can be found on pdf-insecurity.org and in our blogpost "Attacks on PDF Certification"

tags: certification, PDF, pdf-security, pdf-signatures