ZDNET reported that 15 of the most popular PDF viewers were vulnerable to what security researchers called a “Shadow Attack”. This attack even allowed the attackers to EDIT and alter digitally signed PDF files by overlaying content in layers. According to the ZDNET, researchers at Ruhr-University Bochum in Germany identify the vulnerability in PDF detailing how it is done. The affected publishers were notified but you need to update to the patched versions or you could be susceptible to having a digitally signed PDF altered. The tampered document would be ideal for BEC social engineering attacks.
The Shadow Attack was assigned CVE-2020-9592 and CVE-2020-9596 identifiers.
The researchers point out, “because the layer was included in the original document that the victim signed, changing the layer’s visibility doesn’t break the cryptographic signature and allows the attacker to use the legally-binding document for nefarious actions – such as replacing the payment recipient or sum in a PDF payment order or altering contract clauses.”
Read full article here