PDF Signature Spoofing

PDF signatures are a way to check the authenticity and edits of a PDF document to ensure it is not a fraud attempt.  Recently, PDF-Insecurity.org found a way to edit a PDF after it had been signed and would not reflect that anything had been changed.  To determine how severe the issue was, they tested it against native desktop applications, as well as online validation software and found that 21 out of 22 desktop applications failed to report the changes along with 5 out of the 7 online validation clients.  PDF-Insecurity reached out to the companies that did not recognize the change and have been working with them to get the issue fixed.  It is always advised to check the signature of a PDF, and if something seems off, ask the sender for validation of the information. 


Relevant URL(s): https://www.pdf-insecurity.org/index.html