14 votes

Move over toasters: Doom is now playable inside a PDF

2 comments

  1. [2]
    tauon

    Not sure if this post isn’t a ~comp topic in disguise, but I’ll leave a comment that certainly is:

    Given there have already been numerous exploits using PDF’s scripting (example*), one has to wonder when the point is reached where fully arbitrary execution possibilities in a PDF will be stopped/made unsupported.

    I suspect it is currently not a big issue yet simply because many vendors’ default PDF viewers are just that – fairly dumb viewers. Some don’t even support all of the actually useful features! Let alone the, ahem, less commonly needed ones like CAD work as a file within a PDF (yes, an actual part/extension of the standard, known as PDF/E.)

    Another “issue”/example for my case which I happen to know: Apple’s platforms, by default (e.g. for the print to PDF features) produce some ancient PDF version, I believe something like 1.3 from the early 2000s (most current alternative would be a revision to 2.0 from 2020 IIRC). And why would they need to support anything higher in default PDF creation? 3D annotations? Sound? Video? The old versions of the standard are a perfectly fine format for just displaying static content in a portable manner. (In fact, 1.3’s the basis for the first version of the PDF/A archival standard, if I’m not mistaken.)

    So, I’d claim that both low use on the producer side(s) and low usability/availability on a lot of the consumer/user side for some of the most advanced PDF features are the reason this hasn’t caused more mainstream concern so far in terms of exploits. I guess we’ll have to see what happens once these features (if ever) see an uptake/widespread usage. Maybe you won’t be able to open arbitrary email attachments anymore without consideration, after all… or maybe it’ll be like tracking pixels in today’s email: annoying, potentially harmful, but realistically not a security issue except for privacy.

    *Correction: I read the Project Zero explanation post again, and the described exploit, as far as I understand it, actually in fact wasn’t an issue with JS availability in PDF, at least not directly.

    7 votes
    1. phoenixrises

      My current company is very PDF heavy, and as far as I know, we're very aware of it, and have blocked off code execution from that side for a while now. If that helps ease your mind a bit lol.

      3 votes