"PDFex Attacks Can Exfiltrate Content From Encrypted PDF Documents"
Researchers from Ruhr University Bochum and Munster University of Applied Sciences developed PDFex attacks that can be used to exfiltrate plaintext content from encrypted PDF documents. These attacks were successfully tested against 27 popular desktop and browser-integrated PDF viewers, including Adobe Acrobat, Nitro, and Chrome's built-in PDF viewer. According to researchers, some PDF viewers do not encrypt all of the content of a PDF document, resulting in the success of direct exfiltration attacks. CBC gadgets can also be used by attackers to exfiltrate plaintext from encrypted PDF documents. This article continues to discuss the PDFex attacks devised by researchers and the disclosure of these attacks to vendors.
Help Net Security reports "PDFex Attacks Can Exfiltrate Content From Encrypted PDF Documents"