The pegasus software famously used a no click exploit they just need your phone number to pwn your device. It worked by sending a PDF as a GIF file through text message to the target device.
In this case, an iPhone, and when the OS opened the file, it didn’t check that the file contents was actually GIF and sees it’s a PDF for opens it anyway as a PDF.
In the PDF there is a specially crafted buffer overflow that exploits how iPhone reads PDF files and allows arbitrary data to be written to outside the memory bounds.
From there they built a rudimentary computer in memory that they could later read or write to/from the entire device.
The pegasus software famously used a no click exploit they just need your phone number to pwn your device. It worked by sending a PDF as a GIF file through text message to the target device.
In this case, an iPhone, and when the OS opened the file, it didn’t check that the file contents was actually GIF and sees it’s a PDF for opens it anyway as a PDF.
In the PDF there is a specially crafted buffer overflow that exploits how iPhone reads PDF files and allows arbitrary data to be written to outside the memory bounds.
From there they built a rudimentary computer in memory that they could later read or write to/from the entire device.
The pegasus software famously used a no click exploit they just need your phone number to pwn your device. It worked by sending a PDF as a GIF file through text message to the target device.
In this case, an iPhone, and when the OS opened the file, it didn’t check that the file contents was actually GIF and sees it’s a PDF for opens it anyway as a PDF.
In the PDF there is a specially crafted buffer overflow that exploits how iPhone reads PDF files and allows arbitrary data to be written to outside the memory bounds.
From there they built a rudimentary computer in memory that they could later read or write to/from the entire device.
Someone’s watching LTT,
Yes a PDF can be malicious if it’s not really a PDF, but code designed to LOOK alike a pdf to you and to your computer.
I can right now make a script and change it’s icon and extension and windows will be sure it’s a PNG file, I double click it and a shell script runs in a CMD prompt then vanishes. What did it do? Who knows.. am I in trouble? Almost certainly.
Someone’s watching LTT,
Yes a PDF can be malicious if it’s not really a PDF, but code designed to LOOK alike a pdf to you and to your computer.
I can right now make a script and change it’s icon and extension and windows will be sure it’s a PNG file, I double click it and a shell script runs in a CMD prompt then vanishes. What did it do? Who knows.. am I in trouble? Almost certainly.
Someone’s watching LTT,
Yes a PDF can be malicious if it’s not really a PDF, but code designed to LOOK alike a pdf to you and to your computer.
I can right now make a script and change it’s icon and extension and windows will be sure it’s a PNG file, I double click it and a shell script runs in a CMD prompt then vanishes. What did it do? Who knows.. am I in trouble? Almost certainly.
Latest Answers