Researchers from the Ruhr-University Bochum in Germany have reported the attacks bypassing the signature validation in PDF. Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. Experts say compared to previous attacks, the shadow attacks do not abuse implementation issues in a PDF viewer. Shadow attacks use the enormous flexibility provided by the PDF specification so that shadow documents remain standard compliant. Since shadow attacks abuse only legitimate features, they are hard to mitigate.”]

