Assumed to be secure for 15 years, our talk reveals what could go wrong while a PDF document is being verified. We elaborated novel attacks leading to critical vulnerabilities in all PDF viewers, most notably in Adobe, Foxit, and LibreOffice. As a result, an attacker can manipulate the content of digitally signed PDFs arbitrarily while a victim is unable to detect this and even execute privileged code on the victim’s machine.
In our presentation, we will give a systematized overview of the attacks we discovered in the recent years with respect to digital signatures[1,2,3]. We show different techniques to circumvent the integrity protection and to manipulate signed content without being noticed. All findings have been responsibly disclosed, and the affected vendors were supported during fixing the issues. Our research on PDF security is also available online at https://www.pdf-insecurity.org/.