From Bruce Schneier's CryptoBlog newsletter: "This would matter more if PDF digital signatures were widely used. Still, the researchers have worked with the various companies that make PDF readers to close the vulnerabilities. You should update your software." https://web-in-security.blogspot.com/2019/02/how-to-spoof-pdf-signatures.ht… "Details are here." https://www.nds.ruhr-uni-bochum.de/media/ei/veroeffentlichungen/2019/02/12/… [Ironically, in a PDF file.] Leslie