Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Can You Trust Digital Signatures in PDF Files?
Message
<blockquote data-quote="upnorth" data-source="post: 854544" data-attributes="member: 38832"><p>This case is one of those I would call, a whitepaper attack.</p><p>[URL unfurl="true"]https://media.ccc.de/v/36c3-10832-how_to_break_pdfs[/URL]</p><p>If one watch their video presentation, I barely managed because it was very boring just as they warned and they even mention the 3 attacks that they found working is very hard to achieve, even if one was for themselves " trivial ", it's no major issue for the time being for common/home users. Especially with latest updated PDF readers. With targeted attacks it sounds like another deal, but they already communicate with several of the effected companies/vendors and even got this acknowledge by Adobe. </p><p></p><p>This also effects browsers. For example in Windows 10, Edge is the default reader for pdf files until one install and actively choose something else, but Edge was exclude because : </p><p></p><p>Opera, failed miserably in their tests. <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite123" alt=":cry:" title="Crying :cry:" loading="lazy" data-shortname=":cry:" /></p><p></p><p><img src="https://images2.imgbox.com/3e/03/4oj4aX9A_o.png" alt="" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p>But, there's a light in the end of this tunnel. The vulnerabilities has so called CVE ( Common Vulnerabilities and Exposures ) numbers and if one follow those it's easy to see that latest versions of for example Acrobat Reader ( 2019.021.20061 ) is not exposed or effected and as Operas latest stable version is on 66.0.3515.36 compered to 57.0.3098.106 in the test, I wouldn't be surprised if that is also covered/fixed by now. </p><p>[URL unfurl="true"]https://nvd.nist.gov/vuln/detail/CVE-2018-16042[/URL]</p><p>I also searched for CVE-2018-18688 and CVE-2018-18689, and most vendors already seems to have released patched versions. </p><p></p><p></p><p></p><p>[URL unfurl="true"]https://www.pdf-insecurity.org/[/URL]</p></blockquote><p></p>
[QUOTE="upnorth, post: 854544, member: 38832"] This case is one of those I would call, a whitepaper attack. [URL unfurl="true"]https://media.ccc.de/v/36c3-10832-how_to_break_pdfs[/URL] If one watch their video presentation, I barely managed because it was very boring just as they warned and they even mention the 3 attacks that they found working is very hard to achieve, even if one was for themselves " trivial ", it's no major issue for the time being for common/home users. Especially with latest updated PDF readers. With targeted attacks it sounds like another deal, but they already communicate with several of the effected companies/vendors and even got this acknowledge by Adobe. This also effects browsers. For example in Windows 10, Edge is the default reader for pdf files until one install and actively choose something else, but Edge was exclude because : Opera, failed miserably in their tests. :cry: [IMG]https://images2.imgbox.com/3e/03/4oj4aX9A_o.png[/IMG] But, there's a light in the end of this tunnel. The vulnerabilities has so called CVE ( Common Vulnerabilities and Exposures ) numbers and if one follow those it's easy to see that latest versions of for example Acrobat Reader ( 2019.021.20061 ) is not exposed or effected and as Operas latest stable version is on 66.0.3515.36 compered to 57.0.3098.106 in the test, I wouldn't be surprised if that is also covered/fixed by now. [URL unfurl="true"]https://nvd.nist.gov/vuln/detail/CVE-2018-16042[/URL] I also searched for CVE-2018-18688 and CVE-2018-18689, and most vendors already seems to have released patched versions. [URL unfurl="true"]https://www.pdf-insecurity.org/[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top