How can downloading a PDF or Word file give you a virus?

A PDF file doesn't have any special permissions or anything, so I can't think of any way that it'd be able to.
Is viewing a PDF file in Chrome completely safe?
How does editing a Word document leave you more vulnerable than if you were just viewing it?

33 Answers

Anonymous 0 Comments

The Pegasus software famously used a no-click exploit; they just need your phone number to pwn your device. It worked by sending a PDF as a GIF file through text message to the target device.

In this case, an iPhone, and when the OS opened the file, it didn’t check that the file contents were actually a GIF, and sees it’s a PDF so opens it anyway as a PDF.

In the PDF there is a specially crafted buffer overflow that exploits how iPhone reads PDF files and allows arbitrary data to be written to outside the memory bounds.

From there they built a rudimentary computer in memory that they could later read or write to/from the entire device.

Anonymous 0 Comments

The point of his video was that it LOOKED like a pdf but when he opened it, it was not a pdf and he just moved along without actually wondering why the file that LOOKED like a pdf was not actually a pdf.

Anonymous 0 Comments

Someone’s watching LTT,

Yes, a PDF can be malicious if it’s not really a PDF, but code designed to LOOK like a PDF to you and to your computer.

I can right now make a script and change its icon and extension and Windows will be sure it’s a PNG file. I double-click it and a shell script runs in a CMD prompt then vanishes. What did it do? Who knows... am I in trouble? Almost certainly.
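
Added example, not part of any answer in this thread: a Python check for the mismatch that both the Pegasus answer (a PDF sent as a GIF) and the answer above (a script behind an image extension) describe, comparing a file's leading bytes with the extension it claims. The function names, format table and sample inputs are constructed for illustration, and the check assumes the format header sits at byte 0 of the file.

```python
import os

# Leading bytes ("magic numbers") of a few common formats -> short type name.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"MZ", "exe"),                                 # Windows PE executable
    (b"PK\x03\x04", "zip"),                         # also the .docx/.xlsx container
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),   # legacy .doc/.xls
]
# Extensions each detected type may legitimately carry.
ALLOWED = {
    "pdf": {".pdf"}, "gif": {".gif"}, "png": {".png"},
    "exe": {".exe", ".dll", ".scr"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx"},
    "ole": {".doc", ".xls", ".ppt"},
}
KNOWN_EXTS = set().union(*ALLOWED.values())
RUNNABLE = {".exe", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".lnk"}
DOCLIKE = {".pdf", ".png", ".gif", ".jpg", ".doc", ".docx"}

def sniff(data):
    """Return the type implied by the first bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"

def check_file(name, data):
    """Return a list of findings where the file name and content disagree."""
    findings = []
    stem, ext = os.path.splitext(name.lower())
    inner_ext = os.path.splitext(stem)[1]
    kind = sniff(data)
    if kind != "unknown" and ext not in ALLOWED[kind]:
        findings.append(f"content is {kind} but extension is {ext or '(none)'}")
    elif kind == "unknown" and ext in KNOWN_EXTS:
        findings.append(f"extension is {ext} but the matching header is missing")
    if inner_ext in DOCLIKE and ext in RUNNABLE:
        findings.append(f"double extension {inner_ext}{ext} hides a runnable file")
    return findings

# Constructed sample inputs (name, first bytes); not taken from any real file.
SAMPLES = [("cat.gif", b"%PDF-1.4\n"), ("photo.png", b"@echo off\r\n"),
           ("invoice.pdf.exe", b"MZ\x90\x00"), ("report.pdf", b"%PDF-1.7\n")]
if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, "->", check_file(name, data) or "consistent")
```

A clean result only means the name and header agree; a genuine PDF or Word file can still carry content that exploits a bug in the program that opens it.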
