*Warning

(for adventurous eaters only)


Pdf Reader Document Expert

broken image


  1. Pdf Reader Document Expert Free
  2. Pdf Reader Document Expert Software
  3. Pdf Reader Document Expert
  4. Pdf Reader Document Expert Mac
  5. Pdf File Reader App

By Kdan Mobile Software LTD

In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren't just applications like Adobe Reader and Adobe Acrobat. Most browsers contain a built-in PDF reader engine that can also be targeted. PDF Reader Pro - Document Expert, free and safe download. PDF Reader Pro - Document Expert latest version: A PDF Viewer Solution to View, Edit, Annotate, and Print PDF Documents. PDF Reader Pro is a tool that lets you read, share, and annotate PDF documents.

Pdf Reader Document Expert Free

  • Category:Productivity
  • Release Date: 2013-06-10
  • Current Version: 3.4.1
  • Adult Rating: 4+
  • File Size: 30.10 MB
  • Developer:Kdan Mobile Software LTD
  • Compatibility: Requires iOS 10.12 or later.
Free On itunes

Building upon the global success of 60 million+ downloads of PDF Reader series, Kdan Mobile has taken a step forward to migrate the technology to Apple's Mac platform. Covering all the essentials and more, PDF Reader is one of the world's leading PDF solutions across any Apple device. Its expert features allow you to view, annotate, combine, compress, organize and sign PDFs with ease. Now you can efficiently work with PDFs on your iPhone, iPad, and Mac.AWARDS AND RECOGNITION- Winner of the 2020 High Performer award in the File Reader Software category on G2 Crowd.- Featured as one of the 'Best PDF readers for Mac of 2020' apps on Techradar.- Productivity: Top 10 free apps in the USA, Germany, China, Brazil, UK and many other stores.KEY FEATURESEDIT TEXT• Edit text contents in PDFs without turning them back to the original file format• Replace, add, or delete text directly• Support to change font size and colorEDIT PDF• Compress the file size of PDFs • Combine & split PDFs• Protect PDFs with passwords and watermarks• Create fillable PDF formsVIEW FILES• Multi-tab viewing• View BOTA (Bookmark, Outline, Thumbnail, Annotation) Summary• View PDF in single page or double page view.• Dark mode supported (available for macOS Mojave and later)ANNOTATE PDF• Highlight, underline, and strikeout text• Add shapes, sticky notes, and text boxes• PDF signature & form filling• Add stamps indicating time and date information• Insert hyperlinks to external websites, target pages, and email addressMANAGE FILES• Two operating modes – File Viewer & Management• Create PDF from connected scanner and iOS devices• Create shortcuts to import local folders connecting with PDF Reader• Organize PDF files with tagsKDAN CLOUD SERVICES – SIGN UP FOR FREE• View PDFs online by sending file links.• Upload and manage files directly from your browser.• Send download links from the web with password protection.IN-APP PURCHASE (FREE TRIAL AVAILABLE)Convert, edit, and sync PDFs on the go by subscribing to Kdan Mobile's Document 365 services. Work with PDFs across all devices and platforms with ease.WHAT IS DOCUMENT 365?Document 365 is a comprehensive, cross-device document solution aimed at improving your productivity. The PDF document solution includes Kdan's best PDF Reader mobile and desktop apps along with online converting and faxing services. With document 365, you can leverage your productivity every day. And it starts now.PREMIUM PDF FEATURES• Full access to PDF Reader all versions, including iOS, Mac, and more• View multiple PDFs as tabs• OCR Converter (Perform OCR on scanner PDFs)• Convert and fax documents online• Batch encrypting PDF documents• Change PDF background• Apply bates number to PDF pages• Customize PDF with headers, footers, and page numbers• Rotate, rearrange, add, & delete PDF pages• Add PDF watermark, merge & split• Night reading mode• 1 TB storage space on Kdan CloudFREE TRIAL DETAILS- Try out the subscription content before you buy it. We offer 7-day and 14-day free trial periods to new subscribers of Document 365.Subscriptions will be charged through your iTunes account at the confirmation of purchase. Your subscriptions will automatically renew unless canceled at least 24 hours before the end of current subscription period. Your iTunes account will be charged for renewal within 24-hours prior to the end of the current period, for the same duration and at the present subscription price. No cancellation of the current subscription is allowed during an active subscription period. Terms of service: https://auth.kdanmobile.com/articles/terms_of_servicePrivacy Policy: https://auth.kdanmobile.com/articles/privacy_policyGot a question? Contact us at support@kdanmobilesupport.zendesk.com or check out https//support.kdanmobile.com

  • Faster than Adobe for large docs

    By Chanakath
    Adobe reader was very sluggish. Tried this one and this one is very smooth for large documents.

  • easy and smooth

    By Phanibhushan
    works well ..I prefer these things to be working in the background and silenty do their work ..no asking questions/no asking for choices ..this app does exactly that ..

  • terrible

    By potatolober5678819

  • Worked well but not opening now

    3
    I am unable to open the app anymore. I have tried re-installing the app too.

  • cool reader

    By Ash@MEcom

  • Excellent option for PDF!

    5
    Works well and is an excellent option for PDF.

  • keep the system run cool

    By sumeet (sp)
    one of the very good pdf reader by the apple and this work great

  • Older version was better

    By Atuljindal20
    This New version hangs alot and seems too slow. I would prefer old n simple version. This is was to complex and not required add-on features.

  • keeps the System running cooler.

    By Drjumbo0118
    It is better than the native ibooks app as it saves the highlights and changes made to large PDF files at the end while closing rather than simultaneously. My macbook used to run hot with ibooks but not a problem anymore. And it is smoother in terms of scrolling and overall interface when compared to Adobe reader.

  • BEST ONE

    By LrHari
Pdf Reader Document Expert

Most of us are no strangers to phishing attempts, and over the years we've kept you informed about the latest tricks used by attackers in the epidemic of phishing and spear-phishing campaigns that plague, in particular, email users. Like other files that can come as attachments or links in an email, PDF files have received their fair share of attention from threat actors, too. In this post, we'll take you on a tour of the technical aspects behind malicious PDF files: what they are, how they work, and how we can protect ourselves from them.

How Do PDF Files Execute Code?

Regular readers of the SentinelOne blog will be familiar with the idea of malicious Office attachments that run VBA code from Macros or use DDE to deliver attacks, but not so well-known is how PDFs can execute code.

In some kinds of malicious PDF attacks, the PDF reader itself contains a vulnerability or flaw that allows a file to execute malicious code. Remember that PDF readers aren't just applications like Adobe Reader and Adobe Acrobat. Most browsers contain a built-in PDF reader engine that can also be targeted. In other cases, attackers might leverage AcroForms or XFA Forms, scripting technologies used in PDF creation that were intended to add useful, interactive features to a standard PDF document.

'One of the easiest and most powerful ways to customize PDF files is by using JavaScript.' (Adobe)

To get a better understanding of how such attacks work, let's look at a typical PDF file structure. We can safely open a PDF file in a plain text editor to inspect its contents. At first glance, it might look indecipherable:

Pdf Reader Document Expert Software

However, with a bit of knowledge of PDF file structure, we can start to see how to decode this without too much trouble. The body or contents of a PDF file are listed as numbered 'objects'. These begin with the object's index number, a generation number and the 'obj' keyword, as we can see at lines 3 and 19, which show the start of the definitions for the first two objects in the file:

Pdf Reader Document Expert

1 0 obj
2 0 obj

The end of each object is signalled with the keyword endobj, as seen at lines 18 and 24 for Object 1 and Object 2, respectively.

Object 2 immediately offers us some clues. We can see that it contains a dictionary (signalled by the chevrons << and >>. The dictionary has an entry for a JavaScript stream and a reference to Object 1:

JS 1 0 R

This tells us that the 'garbage' code in Object 1 between the keywords stream (line 8) and endstream (line 15) is actually a JavaScript stream. Even better, Object 1's dictionary is kind enough to tell us how to decode it. Line 6 specifies a 'filter' of value 'FlateDecode'. We can now write a quick-and-dirty Python script that decompresses the stream into plain JavaScript:

Cleaning Up the Code

Our Python script churns out the JavaScript perfectly but not exactly beautifully:

As we've pointed out before, one thing you need to get used to when doing this kind of work is tidying up code to make it easier to work on. Here's the same code after running it through a beautifier or prettifier in Sublime Text:

Now we can read the JavaScript and determine if it's malicious or not. In this case, the code appears to be contacting a domain called 'readnotify.com'. Making callbacks ('phoning home') without user consent shows at least a lack of concern for user privacy. For people working in journalism or in politically-sensitive areas this could be a serious issue, as this kind of callback can reveal the user's IP address, operating system and browser version to a remote server.

More Malicious JavaScript

Compressed streams aren't the only way PDF files can contain obfuscated code. Here's another that looks a bit more of a worry when we look at its hash on VirusTotal:

19ac1c943d8d9e7b71404b29ac15f37cd230a463003445b47441dc443d616afd Step sequencer free.


As the image from VT makes clear, this is some kind of trojan that's exploiting CVE-2018-4993. Let's open it up and take a look inside.

This is a very small file. There's only 4 objects, but the one that interests us is Object 3 and the value for the dictionary key /AA. Note that this contains a child dictionary with key name /O. That's important because the /O key specifies actions that should occur when a document is opened. And the value of this key is itself another dictionary containing /JS, indicating yet again some encoded JavaScript.

Pdf Reader Document Expert Mac

Unlike our previous file, however, this one does not specify a filter. Luckily, the value of 'JS' is clearly recognisable as octal encoding. Octal (or 'oct') uses three digits between 0 and 7 to specify a single value. The best thing about oct is we don't need to roll up our Python sleeves to interpret it; we can just print it out directly on the command line:

As printf shows, the octals represent the same kind of JavaScript call that we saw in the previous example, leveraging the this.submitForm() function.

Going back to the /AA dictionary in the PDF, note the two lines which specify

/S /GoToR

This code issues the 'Go To Remote' action, telling the reader application to jump to the destination specified under the /F key.

Stealing Credentials with an SMB Attack

We can use cURL to grab the headers from that IP address to see what we can learn.

Looks like we need some authentication to get past the server, and that's exactly where the danger lies for Windows users. If the attacker has set up the remote file as an SMB share, then the crafted PDF's attempt to jump to that location will cause an exchange between the user's machine and the attacker's server in which the user's NTLM credentials are leaked.

This happens because when a user tries to access SMB shared files, Windows sends the user name and a hashed password to automatically try to log in. Although the hashed password is not the user's actual password, the leaked credentials can both be used to set up SMB Relay attacks and, if the password is not particularly strong, the plain-text version can easily be retrieved from the hash by automated password-cracking tools.

Let's see what VT makes of the IP address.

This host has a reputation as malicious, so there's a good chance that this PDF file is, as suspected, trying to capture the user's NTLM credentials.

How to Protect Your Enterprise Data from Leaks?

Another Day, Another Callback

In January this year, another kind of callback flaw was spotted in XFA forms. XFA (also known as 'Adobe LiveCyle') was introduced by Adobe in PDF v1.5 and allows PDFs to dynamically resize fields within a document, among other things. Unfortunately, XFA also lends itself to misuse. As explained in this POC, a stream can contain an xml-stylesheet that can also be used to initiate a direct connection to a remote server or SMB share.

In this stream, the reader will parse the URL and immediately attempt a connection. Although there are no known cases of this method being used in the wild to date, the researcher tested it against Adobe Acrobat Reader DC, version 19.010.20069.

Pdf File Reader App

Protecting Against PDF Attacks

It's impossible to tell whether a PDF file contains a credential stealing-callback or malicious JavaScript before opening it, unless you actually inspect it in the ways we've shown here. Of course, for most users and most use cases, that's not a practical solution.

There are, however, a couple of things you can do on the user-side. Most readers and browsers will have some form of JavaScript control. In Adobe's Acrobat Reader DC, for example, you can disable Acrobat JavaScript in the Preferences and manage access to URLs. Similarly, with a bit of effort, users can also customize how Windows handles NTLM.

While these mitigations are 'nice to have' and certainly worth considering, bear in mind that these features were added, just like MS Office Macros, to improve usability and productivity. Therefore, be sure that you're not disabling some functionality that is an important part of your own or your organization's workflow.

For enterprise situations, you should ensure you have a good EDR security solution that can offer both full visibility into your network traffic, including encrypted communications, and which can offer comprehensive Firewall control. Of course, in these days, behavioral AI detection is a must-have to properly protect your network and assets from all attacks, including malicious PDF. SentinelOne customers can, in addition, scan PDF documents before they are accessed with our Nexus Embedded SDK.

Conclusion

Leveraging malicious PDFs is a great tactic for threat actors as there's no way for the user to be aware of what code the PDF runs as it opens. Both the file format and file readers have a long history of exposed and, later, patched flaws. Because of the useful, dynamic features included in the document format, it's reasonable to assume further flaws will be exposed and exploited by adversaries. With the ever-increasing tide of phishing and social engineering tactics targeting users, it's vital that you remain vigilant about the dangers of PDFs and deploy a Next Gen security solution to prevent attacks.

Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security





broken image
PreviousNext
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save