Does that mean that opening arbitrary pdfs on your laptop is unsafe?

Sohcahtoa82 18 hours ago | parent | next [-]

Let me put it this way...

In one of my penetration testing training classes, in one of the lessons, we generated a malicious PDF file that would give us a shell when the victim opened it in Adobe.

Granted, it relied on a specific bug in the JavaScript engine of Adobe Reader, so unless they're using a version that's 15 years old, it wouldn't work today, but you can't be too cautious. 0-days can always exist.

▲

bmacho 18 hours ago | parent | prev [-]

Yes, opening random pdfs especially in random and old pdf viewers is not a good idea.

If you must open a possibly infected pdf, then do it in browser, pdf.js is considered mostly safe, and updated.

▲

rvnx 15 hours ago | parent [-]

Use the PDF to JPG online services, convenient and you still get your result without having to deal with any sandbox

▲

bpt3 14 hours ago | parent [-]

Except of course that you're sharing the contents of that PDF with a random online service.

	▲	rvnx 14 hours ago \| parent [-]
		True, I just considered that once you handle a PDF with so much care like if it was poisoned, it's perhaps better to send this poison to someone else to handle.