New ‘Shadow Attack’ Replaces Content in Digital signed PDF files

Shadow Attack

15 out of the 28 top desktop PDF viewers are vulnerable, German academics say. A new attack allows malicious threat actors to modify the content of all digitally signed PDF documents.

The list of all vulnerable applications includes Adobe Acrobat Reader, Perfect PDF, Adobe Acrobat Pro, Foxit Reader, PDFelement, and others, confirmed the report published this week by academics from the Ruhr-University Bochum, Germany.

Experts have named this technique of forging such documents a Shadow Attack. The primary idea behind a Shadow Attack is the concept of “view layers” as varied sets of content that remain overlaid on top of each other incorporated a PDF document.

A Shadow Attack happens when a threat actor prepares a document having different layers and sends it to a victim. The victim falls in to digitally signs the document with a layer on top, but when the attacker receives it, they end up changing the visible layer to another one.

Source: Zdnet