Researchers from Ruhr University Bochum and Münster University of Applied Sciences have devised new attacks allowing them (and potential attackers) to recover the plaintext content of encrypted PDF documents.
The attacks work against 27 widely-used desktop and browser-integrated PDF viewers.
The attacks
The PDFex attacks (as the researchers collectively dubbed them) can either result in direct exfiltration or exfiltration via CBC gadgets.
Direct exfiltration attacks abuse the fact that some PDF readers don’t encrypt the entire contents of a PDF document.
“The PDF specification allows the mixing of ciphertexts with plaintexts. In combination with further PDF features which allow the loading of external resources via HTTP, the attacker can run direct exfiltration attacks once a victim opens the file. As soon as the file is opened and decry ..
Support the originator by clicking the read the rest link below.
