Okay, this one has some potentially VERY serious ramifications.
New 'Shadow Attack' can replace content in digitally signed PDF files | ZDNet
The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others, according to new research [PDF] published this week by academics from the Ruhr-University Bochum in Germany.
A Shadow Attack is when a threat actor prepares a document with different layers and sends it to a victim. The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one.
Because the layer was included in the original document that the victim signed, changing the layer's visibility doesn't break the cryptographic signature and allows the attacker to use the legally-binding document for nefarious actions -- such as replacing the payment recipient or sum in a PDF payment order or altering contract clauses.
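A triage check for signed PDFs you receive back, added here as an example (it is not from the post, the ZDNet article or the researchers): it reads each signature's /ByteRange and reports any bytes and object definitions that sit after the last signed byte. It assumes the post-signing change was saved as an appended revision, which is how the PDF format lets a file be modified without touching the signed bytes; `unsigned_tail` and `make_sample` are hypothetical names and the sample file is constructed.

```python
import re

# Simplification: a regex scan instead of a full PDF parser; good enough for triage.
BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")
OBJ_HEADER = re.compile(rb"(?<!\d)(\d+)\s+\d+\s+obj\b")

def unsigned_tail(pdf: bytes):
    """Return (byte_count, object_numbers) for data after the last signed byte."""
    ranges = [tuple(map(int, m.groups())) for m in BYTE_RANGE.finditer(pdf)]
    if not ranges:
        raise ValueError("no /ByteRange found: file carries no signature")
    # A signature covers [o1, o1+l1) and [o2, o2+l2); the gap holds the signature value.
    signed_end = max(o2 + l2 for _o1, _l1, o2, l2 in ranges)
    tail = pdf[signed_end:]
    # Objects defined in the tail were added or redefined after signing.
    objs = sorted({int(m.group(1)) for m in OBJ_HEADER.finditer(tail)})
    return len(tail), objs

def make_sample(appended: bytes = b"") -> bytes:
    """Constructed minimal 'signed' file (placeholder signature, not verifiable)."""
    tpl = "%PDF-1.7\n5 0 obj\n<< /Type /Sig /ByteRange [0 {:010d} {:010d} {:010d}] /Contents "
    contents = b"<" + b"00" * 16 + b">"      # excluded from the signed ranges
    post = b" >>\nendobj\n%%EOF\n"
    pre_len = len(tpl.format(0, 0, 0))       # fixed-width numbers keep this constant
    pre = tpl.format(pre_len, pre_len + len(contents), len(post)).encode()
    return pre + contents + post + appended

if __name__ == "__main__":
    revision = b"7 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"  # constructed
    for label, data in (("as signed", make_sample()),
                        ("with appended revision", make_sample(revision))):
        size, objs = unsigned_tail(data)
        print(f"{label}: {size} unsigned trailing bytes, objects {objs}")
```

A non-zero result is a reason to compare the signed revision with the current one, not proof of tampering: legitimate updates such as validation data are also appended after a signature.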