Researchers from Ruhr University Bochum and Münster University revealed PDFex, a pair of vulnerabilities in PDF files that undermine the encryption used to secure their contents. One vulnerability lets attackers manipulate parts of the file to enable direct exfiltration attacks, and the other can be used to "modify existing plaintext" and "construct entirely new encrypted objects."
This isn't an isolated problem. The researchers explained that many companies rely on PDF encryption. Some, like Canon and Samsung, use PDF encryption in their scanners. IBM offers "PDF encryption services for PDF documents and other data (e.g., confidential images) by wrapping them into PDF," they said, and PDF encryption can also be used to keep medical records secure during transfer.
The PDFex vulnerabilities are also hard to avoid because they're problems with the PDF format itself. The researchers said their "evaluation shows that among 27 widely-used PDF viewers, all of them are vulnerable to at least one of those attacks, including popular software such as Adobe Acrobat, Foxit Reader, Evince, Okular, Chrome, and Firefox." They shared more information about this evaluation on a dedicated website.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.