Per ZDNet, https://www.zdnet.com/article/new-shado ... pdf-files/
.. Tracker PDF products (among many others) are partly vulnerable to content in signed PDF documents hiding other (malicious) content, so that a signed document can be made to appear to contain something other than what the user (thought that they) signed.
The article notes that patches are available, though it isn't explicit about for which PDF products patches are available.
Tracker, please make an official statement.
thank you.
"Shadow Attack" vulnerability? SOLVED
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
-
TrackerSupp-Daniel
- Site Admin
- Posts: 8593
- Joined: Wed Jan 03, 2018 6:52 pm
Re: "Shadow Attack" vulnerability?
Hi, libove
Currently I can say that our most recently releases are correctly protected from most Shadow attacks. When we next make changes to our build history page, we will be updating the history to show which release the fix was implemented in. https://www.pdf-xchange.com/produc ... or/history
Going forward, so long as you are using the latest version of our software, you can rest assured that these functions will work as expected.
Kind regards,
Currently I can say that our most recently releases are correctly protected from most Shadow attacks. When we next make changes to our build history page, we will be updating the history to show which release the fix was implemented in. https://www.pdf-xchange.com/produc ... or/history
Going forward, so long as you are using the latest version of our software, you can rest assured that these functions will work as expected.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
-
TrackerSupp-Daniel
- Site Admin
- Posts: 8593
- Joined: Wed Jan 03, 2018 6:52 pm
Re: "Shadow Attack" vulnerability? SOLVED
Hi, again,
I wanted to offer further confirmation, previously I said we are covered for most shadow attacks. Our Lead developer has just informed me that after some extensive re-testing, he can confirm that the current release (341.0) is not vulnerable to any shadow attacks.
Kind regards,
I wanted to offer further confirmation, previously I said we are covered for most shadow attacks. Our Lead developer has just informed me that after some extensive re-testing, he can confirm that the current release (341.0) is not vulnerable to any shadow attacks.
Kind regards,
Dan McIntyre - Support Technician
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com
Tracker Software Products (Canada) LTD
+++++++++++++++++++++++++++++++++++
Our Web site domain and email address has changed as of 26/10/2023.
https://www.pdf-xchange.com
Support@pdf-xchange.com