Researchers from Ruhr-University Bochum have disclosed two new attack techniques on certified PDF documents. The Evil Annotation and Sneaky Signature attacks hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures. The study revealed that it’s possible to execute high-privileged JavaScript code in Adobe Acrobat Pro and Reader by sneaking such code via EAA and SSA as an incremental update to the certified document. The findings were presented at the 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021)
Source: https://thehackernews.com/2021/05/researchers-demonstrate-2-new-hacks-to.html