Editing PDF (section)

===Changes to content===
In November 2019, researchers from [[Ruhr University Bochum]] and Hackmanit GmbH published attacks on digitally signed PDFs.<ref>{{cite book |url=https://dl.acm.org/doi/10.1145/3319535.3339812 |series=CCS '19 |date=November 6, 2019 |pages=1–14 |publisher=ACM Digital Library, ACM SIGSAC Conference on Computer and Communications Security |doi=10.1145/3319535.3339812 |isbn=9781450367479 |s2cid=199367545 |url-access=subscription |access-date=April 6, 2021 |archive-date=April 26, 2021 |archive-url=https://web.archive.org/web/20210426223722/https://dl.acm.org/doi/10.1145/3319535.3339812 |url-status=live |chapter=1 Trillion Dollar Refund: How to Spoof PDF Signatures |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |last1=Mladenov |first1=Vladislav |last2=Mainka |first2=Christian |last3=Meyer Zu Selhausen |first3=Karsten |last4=Grothe |first4=Martin |last5=Schwenk |first5=Jörg }}</ref> They showed how to change the visible content in a signed PDF without invalidating the signature in 21 of 22 desktop PDF viewers and 6 of 8 online validation services by abusing implementation flaws.
At the same conference, they additionally showed how to exfiltrate the plaintext of encrypted content in PDFs.<ref>{{cite book |url=https://dl.acm.org/doi/10.1145/3319535.3354214 |series=CCS '19 |date=November 6, 2019 |pages=15–29 |publisher=ACM Digital Library, ACM SIGSAC Conference on Computer and Communications Security |doi=10.1145/3319535.3354214 |isbn=9781450367479 |s2cid=207959243 |url-access=subscription |access-date=April 6, 2021 |archive-date=April 26, 2021 |archive-url=https://web.archive.org/web/20210426223415/https://dl.acm.org/doi/10.1145/3319535.3354214 |url-status=live |chapter=Practical Decryption exFiltration: Breaking PDF Encryption |title=Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security |last1=Müller |first1=Jens |last2=Ising |first2=Fabian |last3=Mladenov |first3=Vladislav |last4=Mainka |first4=Christian |last5=Schinzel |first5=Sebastian |last6=Schwenk |first6=Jörg }}</ref> In 2021, they showed new so-called ''shadow attacks'' on PDFs that abuse the flexibility of features provided in the specification.<ref>{{cite web |url=https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/ |title=Shadow Attacks: Hiding and Replacing Content in Signed PDFs |publisher=Internet Society, The Network and Distributed System Security Symposium |access-date=April 6, 2021 |archive-date=April 21, 2021 |archive-url=https://web.archive.org/web/20210421094100/https://www.ndss-symposium.org/ndss-paper/shadow-attacks-hiding-and-replacing-content-in-signed-pdfs/ |url-status=live }}</ref> An overview of security issues in PDFs regarding [[denial of service]], [[Data breach|information disclosure]], [[data manipulation]], and [[arbitrary code execution]] attacks was presented by Jens Müller.<ref>{{cite web |url=https://www.ndss-symposium.org/ndss-paper/processing-dangerous-paths-on-security-and-privacy-of-the-portable-document-format/ |title=Processing Dangerous Paths – On Security and Privacy of the Portable Document Format |publisher=Internet Society, The Network and Distributed System Security Symposium |access-date=April 6, 2021 |archive-date=April 21, 2021 |archive-url=https://web.archive.org/web/20210421094018/https://www.ndss-symposium.org/ndss-paper/processing-dangerous-paths-on-security-and-privacy-of-the-portable-document-format/ |url-status=live }}</ref><ref>{{cite web |url=https://www.blackhat.com/us-20/briefings/schedule/#portable-document-flaws--20387 |title=Portable Document Flaws 101 |publisher=Blackhat |access-date=April 6, 2021 |archive-date=April 9, 2021 |archive-url=https://web.archive.org/web/20210409131634/https://www.blackhat.com/us-20/briefings/schedule/#portable-document-flaws--20387 |url-status=live }}</ref>