
I could be wrong but I think technically a PDF exploit only affects a single viewer program, like Acrobat on Windows, right?



Well yes, and in this case we're talking files that contain an exploit for a version of Acrobat from 2006 or so and an infection vector that only works on Windows XP, and connects to a botnet that is either long dead or now an NSA/CIA asset.

But Windows Defender quite rightly still quarantines the file.


It would depend on the exploit. For a simple example, an exploit that was a result of a flaw in the file specification could result in it being cross platform.

It's going to be rarer to find something of that scope, maybe even to the point of you being effectively right.


Also dodgy files can contain multiple exploits, potentially for different platforms. Problem here from the malicious actor's point of view is that each vector for attack is also a vector for detection, so rather than a cesspool of exploits it makes more sense to use a single new and mostly unknown exploit that targets software used by the greatest number of victims.


It depends on the exploit and on the reader. If, for example, the reader supports JavaScript then it can be attacked, apart from other weaknesses. Chrome on Linux executes JavaScript in PDF, while Firefox does not.

Here is an example file: https://we.tl/q90gXERGmx

Built with https://github.com/cornerpirate/JS2PDFInjector
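
An added example, not part of the thread: a defender-side triage check that counts the PDF name tokens a reader would act on for embedded JavaScript, including names hidden with `#XX` escapes or inside Flate-compressed object streams. The function names and the sample byte strings are constructed for illustration.

```python
import re
import zlib

# PDF name tokens that mark active content; counting them is a triage signal.
SUSPICIOUS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch")

def decode_names(data: bytes) -> bytes:
    """Undo #XX hex escapes in PDF names, e.g. /J#61vaScript -> /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)

def inflate_streams(data: bytes) -> bytes:
    """Best-effort inflate of Flate streams so names inside object streams count."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # uncompressed stream or a filter this sketch does not handle
    return b"\n".join(out)

def scan_pdf(data: bytes) -> dict:
    """Count each suspicious name in the raw bytes plus inflated streams."""
    haystack = decode_names(data) + b"\n" + decode_names(inflate_streams(data))
    counts = {}
    for name in SUSPICIOUS:
        # Require a delimiter after the name so /JS does not match /JSFoo.
        pattern = re.escape(name.encode()) + rb"(?=[\s/<>\[\]()]|$)"
        counts[name] = len(re.findall(pattern, haystack))
    return counts

# Constructed samples (not taken from any real file).
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n")
SAMPLE_OBJSTM = (b"%PDF-1.5\n3 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
                 b"stream\n" + zlib.compress(b"<< /S /JavaScript /JS 5 0 R >>")
                 + b"\nendstream\nendobj\n")
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, pdf in (("plain", SAMPLE_PLAIN), ("objstm", SAMPLE_OBJSTM),
                       ("benign", SAMPLE_BENIGN)):
        print(label, scan_pdf(pdf))
```

A zero count is not proof of a clean file: encrypted documents and stream filters other than Flate hide names from this scan.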



