New ‘Shadow Attack’ can replace content in digitally signed PDF files | ZDNet

Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research [ PDF] published this week by academics from the Ruhr-University Bochum in Germany.