Comment by efitz

Comment by efitz 8 days ago

21 replies

View on Hacker News

This is amazing and terrifying (I am a security engineer and parsing complex document formats is a never-ending treasure trove of vulnerabilities).

wayvey 8 days ago

The amount of attack surface in various format parsers is pretty stunning and terrifying indeed

Reply View 0 replies
enews01 8 days ago

Theres a malaysian movie where the main premise is a hacker who uses pdf executions to steal one cent from every persons bank account. Its pretty interesting.

Reply View 2 replies
mizzao 8 days ago

The "code execution" in PDF parsing is what enabled this legendary zero-click, zero-day exploit of iOS devices: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

Reply View 2 replies
  • kccqzy 8 days ago

    That exploit is indeed legendary but the code execution involved is not JavaScript. In fact the iOS PDF renderer does not have JavaScript enabled.

    Reply View 1 reply
    • saagarjha 8 days ago

      Obviously a skill issue; a true hacker would re-enable it.

      Reply View 0 replies
tashian 8 days ago

AI agents run in isolated VMs, but PDFs have been out here running in the open for 30 years!

Reply View 12 replies
  • miohtama 8 days ago

    But can your PDF run an AI agent?

    Reply View 11 replies
    • Swizec 8 days ago

      > But can your PDF run an AI agent?

      Oh it's so much worse than that. Your font can run an AI agent.

      Llama.ttf: A font which is also an LLM -- https://news.ycombinator.com/item?id=40766791

      Reply View 3 replies
    • hnlmorg 8 days ago

      In my opinion the question isn’t so much “if” but rather “when”.

      When will AI research and hardware capabilities reach a point that it’s practical to embed something like that into a regular document?

      We’ve already seen proof of concept LLMs embedded into OpenType fonts.

      I guess the other question is then “what capabilities would these AI agents have?” You’d hope just permission to present within that document. But that depends entirely on what unpatched vulnerabilities are lurking (such as the Microsoft ANSI RCE also featured on the HN front page)

      Reply View 3 replies
      • btown 8 days ago

        For Chrome's PDF renderer, the runtime is V8, so we're literally one (hilarious) line of code away from this glorious future existing today:

        https://pdfium.googlesource.com/pdfium/+/refs/heads/main/fpd...

        > // Use interpreted JS only to avoid RWX pages in our address space. Also, --jitless implies --no-expose-wasm, which reduce exposure since no PDF should contain web assembly.

        > return "--jitless";

        Reply View 2 replies
    • freedomben 8 days ago

      Looking forward to a day when you may not have a powerful enough GPU to open a PDF

      Reply View 0 replies
    • siva7 8 days ago

      The first widespread AI Malware will be a historic moment in this century. It will adapt like a real biological virus to its host and we have no cure for this.

      Reply View 1 reply