Ask HN: What if I open on a malicious PDF AirDropped to my iPhone by a stranger?

1•scripper1•6mo ago

The title says it all. I made a mistake. I opened my iPhone to receive AirDrop photos from a stranger. I later found a PDF in Files and tried to open (after disconnecting from the internet), but Files crashed and the file disappeared. I was on 18.4. Do you think it's possible that there's a PDF exploit I've been victim to?

Comments

SilentTiger•6mo ago

Receiving data from strangers is dangerous. While we generally consider iOS to be secure, but you know that there are numerous zero-day vulnerabilities. Who knows if this PDF file might contain a script that exploits one? Therefore, avoid accepting data from strangers and, ideally, change your AirDrop settings to "Contacts Only."

scripper1•6mo ago

Yeah, that's about what I was thinking, that a zero-day would do it. Thank you. Fingers crossed.

bell-cot•6mo ago

Possible? Yes.

How valuable a target were you, vs. how valuable would an AirDrop'ed PDF exploit against 18.4 have been when this happened? High-value exploits are reserved for high-value targets.

I'd go further than SilentTiger's advice - if you're not actively using AirDrop, then turn it completely off.

scripper1•6mo ago

I’m a rando. This was on a street in New York. There’s a chance he was just spraying and praying he’d find someone who hadn’t updated iOS, but I guess I can’t know for sure. Would you know if it’s possible to check how any info has left my phone? My email, text, and iCloud look OK, and I’ve changed my passwords, but I’m not sure if it’s possible to wipe records here or communicate otherwise.

lhmiles•6mo ago

An exploit is the most likely explanation for the events you described. You could probably swap your phone for an identical model at a phone store pretty cheap

scripper1•6mo ago

Thanks. I rebooted it. For previous exploits, do you think that would be enough?

lhmiles•6mo ago

All the iOS malware I am aware of is persistent

scripper1•6mo ago

Yeesh. Thanks. I guess that makes swapping for a used phone not an option.

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese

StrongDM's AI team build serious software without even looking at the code

John Haugeland on the failure of micro-worlds

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

Show HN: XAPIs.dev – Twitter API Alternative at 90% Lower Cost

Near-Instantly Aborting the Worst Pain Imaginable with Psychedelics

Show HN: Nginx-defender – realtime abuse blocking for Nginx

The Super Sharp Blade

Smart Homes Are Terrible

What I haven't figured out

KPMG pressed its auditor to pass on AI cost savings

Open-source Claude skill that optimizes Hinge profiles. Pretty well.

First Proof

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: Env-shelf – Open-source desktop app to manage .env files

Show HN: Almostnode – Run Node.js, Next.js, and Express in the Browser

Dell support (and hardware) is so bad, I almost sued them

Project Pterodactyl: Incremental Architecture

Styling: Search-Text and Other Highlight-Y Pseudo-Elements

Crypto firm accidentally sends $40B in Bitcoin to users

Magnetic fields can change carbon diffusion in steel

Fantasy football that celebrates great games

Show HN: Animalese

StrongDM's AI team build serious software without even looking at the code

John Haugeland on the failure of micro-worlds

Show HN: Velocity - Free/Cheaper Linear Clone but with MCP for agents

Corning Invented a New Fiber-Optic Cable for AI and Landed a $6B Meta Deal [video]

Show HN: XAPIs.dev – Twitter API Alternative at 90% Lower Cost

Near-Instantly Aborting the Worst Pain Imaginable with Psychedelics

Show HN: Nginx-defender – realtime abuse blocking for Nginx

The Super Sharp Blade

Smart Homes Are Terrible

What I haven't figured out

KPMG pressed its auditor to pass on AI cost savings

Open-source Claude skill that optimizes Hinge profiles. Pretty well.

First Proof

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Ask HN: What if I open on a malicious PDF AirDropped to my iPhone by a stranger?

Comments