MobileRead Forums - View Single Post - Security threat with iOS 4 and iPad and pdf's

toddos · 08-05-2010, 04:52 PM

Almost, but not quite. That's true if you're physically opening PDFs, but the hack is that PDFs can be loaded automatically. You navigate to shady site X, and that site automatically loads a hacked PDF with malicious payload. If done correctly, you'll never even know that the site just hacked you.

That's why you need to install the PDF Loading Warner (which can only be done after jailbreaking), to stop Safari from automatically and silently opening PDFs. You can still be hacked even after that, since the warner doesn't fix the whole. It just lets you know that, "Hey, this site here just tried to open a PDF. That could be dangerous. You sure you want to do that?" and allows you to stop the load before it's dangerous. If you allow it through anyway, you can still be hacked.

08-05-2010, 04:52 PM	#20
toddos Guru Posts: 695 Karma: 822675 Join Date: May 2010 Device: Kobo Aura, Nokia Lumia 920 (Freda)	Almost, but not quite. That's true if you're physically opening PDFs, but the hack is that PDFs can be loaded automatically. You navigate to shady site X, and that site automatically loads a hacked PDF with malicious payload. If done correctly, you'll never even know that the site just hacked you. That's why you need to install the PDF Loading Warner (which can only be done after jailbreaking), to stop Safari from automatically and silently opening PDFs. You can still be hacked even after that, since the warner doesn't fix the whole. It just lets you know that, "Hey, this site here just tried to open a PDF. That could be dangerous. You sure you want to do that?" and allows you to stop the load before it's dangerous. If you allow it through anyway, you can still be hacked.