Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

In Hacker News by Blog Writer

Post Sharing
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents.
Called “Shadow attacks” by academics from Ruhr-University Bochum, the technique uses the “enormous flexibility provided by the PDF specification so that shadow documents remain