Home
News
PC & Laptop
- Software
- Hardware
- Peripherals
- Accessories
- Operating System
  - Windows
  - Linux
  - Mac
Mobile
- Smartphone
- Mobile Apps
- Tablet
- IPad
- Wearable
Networking
- Cloud
- Hybrid Cloud
- Data Center
- Server
- WiFi
- WAN
Internet
Security
Gaming
Reviews
- Car
- Desktop
- Laptop
- Mobile Reviews
- Software Reviews
- Mobile Apps Reviews
- Gaming Reviews
- Home Appliance
- Headphone
- Speaker
- Camera
- TV
Gaming Videos
How To
- Tips and Tricks

Trending Now

Google Messages working on a setting to turn...

IBM drops $6.4B to grab HashiCorp multi-cloud automation...

General Grievous Strikes In Star Wars: Tales Of...

変革をもたらす人材を育成するためにエリーインシュアランスが行っていること

What will cyber threats look like in 2024?

Google rolls out smooth device switching for Google...

Nvidia to buy AI orchestration software provider Run:ai

X-Men ’97 Reveals Theo James’ Mystery Role

WhatsApp begins rollout of passkeys on iOS

Embracer’s Name Is Going Away, CEO Denies It’s...

Home
News
PC & Laptop
- Software
- Hardware
- Peripherals
- Accessories
- Operating System
  - Windows
  - Linux
  - Mac
Mobile
- Smartphone
- Mobile Apps
- Tablet
- IPad
- Wearable
Networking
- Cloud
- Hybrid Cloud
- Data Center
- Server
- WiFi
- WAN
Internet
Security
Gaming
Reviews
- Car
- Desktop
- Laptop
- Mobile Reviews
- Software Reviews
- Mobile Apps Reviews
- Gaming Reviews
- Home Appliance
- Headphone
- Speaker
- Camera
- TV
Gaming Videos
How To
- Tips and Tricks

Home SecurityApplication Security PDFs may have even more security flaws than we thought

Application Security News PC & Laptop Security Software

PDFs may have even more security flaws than we thought

by Cyber Techbiz May 26, 2021

by Cyber Techbiz May 26, 2021 0 comment

Security researchers have discovered two vulnerabilities in the PDF speciﬁcation that enable attackers to stealthy alter the contents of certified documents.

The vulnerabilities were discovered by academic researchers from Germany’s Ruhr-University Bochum, and will be presented in the on-going 42nd IEEE Symposium on Security and Privacy.

The researchers explain that the vulnerabilities particularly impact certification signatures in PDF documents. Unlike normal PDF signatures, certified signatures permit changes to enable a second party to sign the document. However, due to the vulnerabilities, the second party can also change the content of the contract without generating any warnings.

The researchers were able to circumvent the integrity of the protected PDF documents with two new attacks they’ve colorfully dubbed called Sneaky Signature Attack (SSA) and Evil Annotation Attack (EAA).

Breaking certification

Certified PDFs are an asset in the business world, even more so with the drop in physical meetings in the post-Covid world.

When using certification signatures, the party who issues the document and signs it first can also determine the changes the other party is allowed to make, such as comments, adding text in special fields, or a second digital signature.

Using the SSA and EAA attacks the researchers were able to successfully display completely different content in the document, without invalidating the certification.

The developers altered documents with 26 PDF apps, and were able to break the certification with at least one of the attacks in 24 of the apps.

After combing through the researcher’s findings, The Register notes that major PDF-generation apps, such as Adobe, LibreOffice, and Foxit, have already patched the vulnerabilities, though some smaller PDF tools have been slower to respond.

Credits: Techradar

0 comment

0

Facebook Twitter Pinterest Email

Cyber Techbiz

We at Cyber Techbiz are a Multi-platform publisher of Latest News, Reviews, Articles, Blogs, Guides related to Technology and consumer Electronics globally.

previous post

Unreal Engine 5 First Xbox Series X Footage Shown, Free Early Access and Demo Available

next post

Pocket Gamer LaunchPad #4 took mobile gaming to the moon last week with millions | Pocket Gamer.biz

Related Posts

Google Messages working on a setting to turn...

April 24, 2024

IBM drops $6.4B to grab HashiCorp multi-cloud automation...

April 24, 2024

General Grievous Strikes In Star Wars: Tales Of...

April 24, 2024

変革をもたらす人材を育成するためにエリーインシュアランスが行っていること

April 24, 2024

What will cyber threats look like in 2024?

April 24, 2024

Google rolls out smooth device switching for Google...

April 24, 2024

Search

Follow for more updates

Follow @cybertechbiz

Popular Post

Most Viewed
Recent Posts
Recent Comments
Tags

Kyndryl bets on partnerships, consulting arm to redeem itself
SAP 2024 outlook: 5 predictions for customers
IBM services aim to boost data center sustainability
Watching the bottom line—How a Zero Trust position can save time and money
Best modern banking apps on iOS for 2024

Google Messages working on a setting to turn off all those fancy new animations
IBM drops $6.4B to grab HashiCorp multi-cloud automation technology
General Grievous Strikes In Star Wars: Tales Of The Empire's First Clip
変革をもたらす人材を育成するためにエリーインシュアランスが行っていること
What will cyber threats look like in 2024?

Tags

5g ai amazon android app apple Apples Big black Buy coming day deal deals free galaxy game Gamerbiz games gaming Google ios iPad iphone launch microsoft Million mobile pc phone pixel pocket price pro review sale Samsung series techcrunch today update video watch windows xbox

Shop at Amazon

Archive

Archive

Join us on Twitter

Tweets by cybertechbiz

About Us

CyberTechbiz is a Multi-platform publisher of latest Technology News and information.

We have earned a reputation as the leading provider of service news and information that improves the quality of life of its readers by focusing on Mobile, PC, Laptop, Cloud, Networking, Internet, Security, Gaming and Reviews. We highly value our audience and aim to deliver the ultimate experience.

Popular Posts

Google Messages working on a setting to turn off all those fancy new animations
April 24, 2024
IBM drops $6.4B to grab HashiCorp multi-cloud automation technology
April 24, 2024
General Grievous Strikes In Star Wars: Tales Of The Empire’s First Clip
April 24, 2024
変革をもたらす人材を育成するためにエリーインシュアランスが行っていること
April 24, 2024

Editor’s Picks

変革をもたらす人材を育成するためにエリーインシュアランスが行っていること
April 24, 2024
Top 4 focus areas for securing your software supply chain
April 24, 2024
This killer AVG Ultimate antivirus deal is just $18 for two years
April 24, 2024
How we test USB-C cables at PCWorld
April 24, 2024

Subscribe Newsletter

Subscribe our Newsletter for new blog posts, tips & new photos. Let's stay updated!

Leave this field empty if you're human:

Home
About
Disclaimer
Privacy Policy
Terms of Service
Contact US

Cybertechbiz.com ©2020 - All Right Reserved.

Home
News
PC & Laptop
- Software
- Hardware
- Peripherals
- Accessories
- Operating System
  - Windows
  - Linux
  - Mac
Mobile
- Smartphone
- Mobile Apps
- Tablet
- IPad
- Wearable
Networking
- Cloud
- Hybrid Cloud
- Data Center
- Server
- WiFi
- WAN
Internet
Security
Gaming
Reviews
- Car
- Desktop
- Laptop
- Mobile Reviews
- Software Reviews
- Mobile Apps Reviews
- Gaming Reviews
- Home Appliance
- Headphone
- Speaker
- Camera
- TV
Gaming Videos
How To
- Tips and Tricks

Recent Posts

Google Messages working on a setting to turn off all those fancy new animations
April 24, 2024
IBM drops $6.4B to grab HashiCorp multi-cloud automation technology
April 24, 2024
General Grievous Strikes In Star Wars: Tales Of The Empire’s First Clip
April 24, 2024
変革をもたらす人材を育成するためにエリーインシュアランスが行っていること
April 24, 2024
What will cyber threats look like in 2024?
April 24, 2024

Cybertechbiz.com ©2020 - All Right Reserved.