Hacker News new | past | comments | ask | show | jobs | submit login

Pretty much any file you could open on your computer can be used to install malware (given the right conditions). It’s not limited to applications. And that malware can now hijack these services that bypass firewalls, VPNs, etc undetected.



Thank you. I am not sophisticated about these things so let me ask a follow-up. By "open" a file, most end users think of documents that are opened by applications... either from the App Store or from Apple.

I think you are thinking about things like shell scripts, binary executables that run in the terminal which being an official Mac "Application", etc. Is that right?


Malware can be embedded in just about anything. PDFs and other documents are a common vector. While scripts and executables are obviously a greater risk, it’s pretty easy to mask malware as those files as well.


For something like a PDF, macOS would open Preview, or some other PDF-handling app, to handle it if the user opens it in the Finder. So the PDF would have to have code in it that exploited some security weakness in the associated app that would cause the code to be executed, correct?

Just trying to make sure I'm understanding.


Yes, that's correct.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: