New 'Shadow Attack' can replace content in digitally signed PDF files

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,143
Content source
https://www.zdnet.com/article/new-shadow-attack-can-replace-content-in-digitally-signed-pdf-files/
Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents.

The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research [PDF] published this week by academics from the Ruhr-University Bochum in Germany.
Click to expand...
shadow-attack-results.png

Image: Mainka et al.
Click to expand...

PDF Insecurity Website

pdf-insecurity.org
 
Last edited:
  • Like
  • +Reputation
Reactions: Protomartyr, CyberTech, plat and 8 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,566
From the article:
PATCHES ARE AVAILABLE
The research team said they worked with the CERT-Bund (Computer Emergency Response Team of Germany) to contact PDF app makers to report this new attack vector and have it patched before going public with their findings earlier this week.

The Shadow Attack is currently tracked with the CVE-2020-9592 and CVE-2020-9596 identifiers.

Companies should update their PDF viewer apps to make sure the PDF documents they sign can't be tampered with via a Shadow Attack.
Click to expand...
So, nothing to worry about if your pdf software is up to date?
 
  • Like
Reactions: Protomartyr, CyberTech, plat and 3 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Gandalf_The_Grey said:
nothing to worry about if your pdf software is up to date?
Click to expand...
Concerns are users who use manual updates, blocked checking for updates, or using older versions because they don't want to pay for the newer releases. Both for consumers and businesses.


I don't see Chrome or Chromium-Edge PDF "app" on the list, browser PDFs are unaffected?
 
  • Like
Reactions: Protomartyr, CyberTech, plat and 4 others
upnorth

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Was shortly debated also here.
malwaretips.com

Can You Trust Digital Signatures in PDF Files?

Hardly a company or government agency exists that does not use PDF files. And they often use digital signatures to ensure the authenticity of such documents. When you open a signed file in any PDF viewer, the program displays a flag indicating that the document is signed, and by whom, and gives...
malwaretips.com malwaretips.com
CVE-2020-9592 and CVE-2020-9596 was patched in Adobe Reader in May this year 2020.

Adobe Security Bulletin

Security Update available for Adobe Acrobat and Reader | APSB20-24
helpx.adobe.com helpx.adobe.com
As previous, PDF readers that can't view digitally signed documents this probably ain't an issue.
 
Last edited:
  • Like
  • +Reputation
  • Thanks
Reactions: Protomartyr, Ink, CyberTech and 6 others
SeriousHoax

SeriousHoax

Level 47
Verified
Top Poster
Well-known
Mar 16, 2019
3,633
  • Like
  • +Reputation
Reactions: Protomartyr, CyberTech, silversurfer and 2 others
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • Applause
    • +Reputation
New Update Microsoft and Adobe announce new Adobe Acrobat integration in Microsoft Teams
Replies
0
Views
580
Office, email and business apps
silversurfer
silversurfer
Andy Ful
    • +Reputation
    • Like
    • Applause
New Update Testing Windows Hybrid Hardening (new hardening application).
Replies
253
Views
21,706
Hard_Configurator Tools
South Park
South Park
Andy Ful
    • Like
    • +Reputation
    • Thanks
Safe PDF viewers.
Replies
30
Views
6,027
Office, email and business apps
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top