Certified portable document format files are used to securely sign agreements between two parties while keeping contents integrity protected. A new report found the security protections on most certified PDF applications were inadequate and left organizations exposed to a number of novel novel attacks. Evil Annotation (EAA) and Sneaky Signature s allow an attacker to overlay malicious content (PDF) on top of the certified information without showing any signs it was altered. Adobe, Foxit, and LibreOffice had an additional flaw that allowed certified documents to execute JavaScript code.
Source: https://threatpost.com/pdf-certified-widely-vulnerable-to-attack/166505/