Attacks on PDF Certification

25.05.2021 - Simon Rohlmann

At the "IEEE Symposium on Security and Privacy 2021" we published a new paper on PDF security: "Breaking the Specification: PDF Certification".

We present two novel attacks on certified documents: Sneaky Signature and Evil Annotation Attack. We also demonstrate how an attacker can gain rights to execute arbitrary JavaScript code in Adobe Acrobat.

More information can be found on and in our blogpost "Attacks on PDF Certification"

tags: certification, PDF, pdf-security, pdf-signatures