Ask HN: What if I open on a malicious PDF AirDropped to my iPhone by a stranger?

1•scripper1•6mo ago

The title says it all. I made a mistake. I opened my iPhone to receive AirDrop photos from a stranger. I later found a PDF in Files and tried to open (after disconnecting from the internet), but Files crashed and the file disappeared. I was on 18.4. Do you think it's possible that there's a PDF exploit I've been victim to?

Comments

SilentTiger•6mo ago

Receiving data from strangers is dangerous. While we generally consider iOS to be secure, but you know that there are numerous zero-day vulnerabilities. Who knows if this PDF file might contain a script that exploits one? Therefore, avoid accepting data from strangers and, ideally, change your AirDrop settings to "Contacts Only."

scripper1•6mo ago

Yeah, that's about what I was thinking, that a zero-day would do it. Thank you. Fingers crossed.

bell-cot•6mo ago

Possible? Yes.

How valuable a target were you, vs. how valuable would an AirDrop'ed PDF exploit against 18.4 have been when this happened? High-value exploits are reserved for high-value targets.

I'd go further than SilentTiger's advice - if you're not actively using AirDrop, then turn it completely off.

scripper1•6mo ago

I’m a rando. This was on a street in New York. There’s a chance he was just spraying and praying he’d find someone who hadn’t updated iOS, but I guess I can’t know for sure. Would you know if it’s possible to check how any info has left my phone? My email, text, and iCloud look OK, and I’ve changed my passwords, but I’m not sure if it’s possible to wipe records here or communicate otherwise.

lhmiles•6mo ago

An exploit is the most likely explanation for the events you described. You could probably swap your phone for an identical model at a phone store pretty cheap

scripper1•6mo ago

Thanks. I rebooted it. For previous exploits, do you think that would be enough?

lhmiles•6mo ago

All the iOS malware I am aware of is persistent

scripper1•6mo ago

Yeesh. Thanks. I guess that makes swapping for a used phone not an option.

Code only says what it does

The success of 'natural language programming'

The Scriptovision Super Micro Script video titler is almost a home computer

Discovering the "original" iPhone from 1995 [video]

Psychometric Comparability of LLM-Based Digital Twins

SidePop – track revenue, costs, and overall business health in one place

The Other Markov's Inequality

The Cascading Effects of Repackaged APIs [pdf]

Lightweight and extensible compatibility layer between dataframe libraries

Haskell for all: Beyond agentic coding

Dorsey's Block cutting up to 10% of staff

Show HN: Freenet Lives – Real-Time Decentralized Apps at Scale [video]

In the AI age, 'slow and steady' doesn't win

Administration won't let student deported to Honduras return

How were the NIST ECDSA curve parameters generated? (2023)

AI, networks and Mechanical Turks (2025)

Goto Considered Awesome [video]

Show HN: I Built a Free AI LinkedIn Carousel Generator

Implementing Auto Tiling with Just 5 Tiles

Open Challange (Get all Universities involved

Apple Tried to Tamper Proof AirTag 2 Speakers – I Broke It [video]

Show HN: Isolating AI-generated code from human code | Vibe as a Code

Show HN: More beautiful and usable Hacker News

Toledo Derailment Rescue [video]

War Department Cuts Ties with Harvard University

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

A Bid-Based NFT Advertising Grid

AI readability score for your documentation

NASA Study: Non-Biologic Processes Don't Explain Mars Organics

I inhaled traffic fumes to find out where air pollution goes in my body

Code only says what it does

The success of 'natural language programming'

The Scriptovision Super Micro Script video titler is almost a home computer

Discovering the "original" iPhone from 1995 [video]

Psychometric Comparability of LLM-Based Digital Twins

SidePop – track revenue, costs, and overall business health in one place

The Other Markov's Inequality

The Cascading Effects of Repackaged APIs [pdf]

Lightweight and extensible compatibility layer between dataframe libraries

Haskell for all: Beyond agentic coding

Dorsey's Block cutting up to 10% of staff

Show HN: Freenet Lives – Real-Time Decentralized Apps at Scale [video]

In the AI age, 'slow and steady' doesn't win

Administration won't let student deported to Honduras return

How were the NIST ECDSA curve parameters generated? (2023)

AI, networks and Mechanical Turks (2025)

Goto Considered Awesome [video]

Show HN: I Built a Free AI LinkedIn Carousel Generator

Implementing Auto Tiling with Just 5 Tiles

Open Challange (Get all Universities involved

Apple Tried to Tamper Proof AirTag 2 Speakers – I Broke It [video]

Show HN: Isolating AI-generated code from human code | Vibe as a Code

Show HN: More beautiful and usable Hacker News

Toledo Derailment Rescue [video]

War Department Cuts Ties with Harvard University

Show HN: LocalGPT – A local-first AI assistant in Rust with persistent memory

A Bid-Based NFT Advertising Grid

AI readability score for your documentation

NASA Study: Non-Biologic Processes Don't Explain Mars Organics

I inhaled traffic fumes to find out where air pollution goes in my body

Ask HN: What if I open on a malicious PDF AirDropped to my iPhone by a stranger?

Comments