Pretty sure that was already a thing years ago.
Comment on Doom is playable on PDFs (at least in Chromium-based browsers)
tal@lemmy.today 2 weeks ago
I can see it now: “New worm infects PDFs, causes users viewing them to mine Bitcoin.”
KickMeElmo@sopuli.xyz 2 weeks ago
JeeBaiChow@lemmy.world 2 weeks ago
This was the thought that entered my head. Kids these days didn’t live through rampant vbscripts running off the onLoad event.
iAmTheTot@sh.itjust.works 2 weeks ago
PDFs have been an attack vector for a while actually.
viking@infosec.pub 2 weeks ago
One more reason never to use the official adobe software. SumatraPDF is awesome. Barebones and blazing fast.
yggstyle@lemmy.world 2 weeks ago
Anti adobe is cool - the recommendation is appreciated… but any software can be the target of a document based exploit and may well be susceptible to the same exploit depending on the libraries used. Additionally, smaller software projects can take longer to update as they have less staff working on them. Absolutely support open software and alternatives… Just a word of caution.
iAmTheTot@sh.itjust.works 2 weeks ago
I don’t think it has to do with opening a PDF in Adobe, but okay.
viking@infosec.pub 2 weeks ago
Yeah it does. Adobe has a lot of active script support, including java script for example, which can be exploited. If a software can’t interpret those scripts at all and simply displays plain text, that means malware won’t be executed.
And since Adobe Acrobat / Acrobat Reader are the most common pdf viewers out there, they are a natural target for hackers as well.
yggstyle@lemmy.world 2 weeks ago
If you view it on your system it’s a vector. Large / complex documents which may parse things with different libraries just happen to have a larger attack surface.