Vulnerability Report: Attacks bypassing the signature validation in PDF

Vladislav Mladenov, Christian Mainka, Karsten Meyer zu Selhausen, Martin Grothe, Jörg Schwenk


As part of our current research, we analyzed signature validation processing on PDF files. In the following report, we present three novel attack classes: Universal Signature Forgery (USF), Incremental Saving Attack (ISA), and Signature Wrapping Attack (SWA). Each attack allows an attacker to stealthily manipulate the content of a signed PDF without invalidating the signature, thereby breaking the document integrity protection. We successfully applied the attacks on 22 different PDF viewers and found 21 of them to be vulnerable, including prominent and widely used applications such as Adobe Reader DC and Foxit.

