Security News

Adobe's product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products. According to the San Jose, Calif. software maker, this month's batch of patches address a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, and the ever-present Adobe Creative Cloud Desktop Application.

Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years.

Certified portable document format files are used to securely sign agreements between two parties while keeping the contents' integrity protected, but a new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of attacks. Researchers from Ruhr University Bochum explained certified PDFs use two specific signatures to authenticate the document, an Approval signature and a Certification signature.

A pair of techniques to surreptitiously alter the content of certified PDFs have been detailed by researchers in Germany. Using certified PDFs is increasingly common in business.

Adobe on Tuesday warned that a gaping security hole in one of the most widely deployed software products has been exploited in the wild in "Limited attacks targeting Adobe Reader users on Windows." Adobe's confirmation of the zero-day attack was buried in a security bulletin that documents at least 11 security vulnerabilities affected Adobe Acrobat and Reader on both Windows and MacOS platforms.

Foxit Software, the company behind the highly popular Foxit Reader, has published security updates to fix a high severity remote code execution vulnerability affecting the PDF reader. The high-severity vulnerability results from a Use After Free bug found by Aleksandar Nikolic of Cisco Talos in the V8 JavaScript engine used by Foxit Reader to display dynamic forms and interactive document elements.

Users attempting to download the alleged document templates are redirected, without their knowledge, to a malicious website that hosts the malware. "Once the RAT is on the victim's computer and activated, the threat actors can send commands and upload additional malware to the infected system, such as ransomware, a credential stealer, a banking trojan, or simply use the RAT as a foothold into the victim's network," researchers from eSentire said in a write-up published on Tuesday.

Most security agencies fail to properly sanitize Portable Document Format files before publishing them, thus exposing potentially sensitive information and opening the door for attacks, researchers have discovered. An analysis of roughly 40,000 PDFs published by 75 security agencies in 47 countries has revealed that these files can be used to identify employees who use outdated software, according to Supriya Adhatarao and Cédric Lauradoux, two researchers with the University Grenoble Alpes and France's National Institute for Research in Computer Science and Automation.

Abstract: Organizations publish and share more and more electronic documents like PDF files. We gathered a corpus of 39664 PDF files published by 75 security agencies from 47 countries.

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs":. Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification.