• Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – CVE-2020-3452 – Cisco Network Security Flaw Leaks Sensitive Data
July 24, 2020
Rewterz Threat Advisory – CVE-2020-14307 – Red Hat JBoss Enterprise Application Platform denial of service
July 27, 2020

Rewterz Threat Advisory – New ‘Shadow Attack’ Manipulates Digitally Signed PDF Files

July 24, 2020

Severity

High

Analysis Summary

Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others.

shadow-attack-results.png

Academics have named this technique of forging documents a Shadow Attack. A Shadow Attack is when a threat actor prepares a document with different layers and sends it to a victim. The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one. Because the layer was included in the original document that the victim signed, changing the layer’s visibility doesn’t break the cryptographic signature and allows the attacker to use the legally-binding document for nefarious actions — such as replacing the payment recipient or sum in a PDF payment order or altering contract clauses. According to the research team three variants of a Shadow Attack exist:

  • Hide — when attackers use the PDF standard’s Incremental Update feature to hide a layer, without replacing it with anything else.
  • Replace — when attackers use the PDF standard’s Interactive Forms feature to replace the original content with a modified value.
  • Hide-and-Replace — when attackers use a second PDF document contained in the original document to replace it altogether.

The Shadow Attack is currently tracked with the CVE-2020-9592 and CVE-2020-9596 identifiers.

Impact

  • Security Bypass
  • Data Manipulation

Affected Vendors

  • Adobe
  • Others

Affected Products

  • Adobe Acrobat and Reader versions 2020.006.20042 and earlier
  • 2017.011.30166 and earlier
  • 2015.006.30518 and earlier

Remediation

Update PDF viewer apps to latest versions.

  • Services
    • Asses
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.