Hacking Digitally Signed PDF Files

Interesting paper: “Shadow Attacks: Hiding and Replacing Content in Signed PDFs“:
Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In 2019, Mladenov et al. revealed various parsing vulnerabilities in PDF viewer implementations.They showed attacks that could modify PDF documents without invalidating the signature. As a consequence, affected vendors of PDF viewers implemented countermeasures preventing all attacks…Schneier on SecurityRead More