Ask HN: What if I open on a malicious PDF AirDropped to my iPhone by a stranger?
The title says it all. I made a mistake. I opened my iPhone to receive AirDrop photos from a stranger. I later found a PDF in Files and tried to open (after disconnecting from the internet), but Files crashed and the file disappeared. I was on 18.4. Do you think it's possible that there's a PDF exploit I've been victim to? Receiving data from strangers is dangerous. While we generally consider iOS to be secure, but you know that there are numerous zero-day vulnerabilities. Who knows if this PDF file might contain a script that exploits one? Therefore, avoid accepting data from strangers and, ideally, change your AirDrop settings to "Contacts Only." Yeah, that's about what I was thinking, that a zero-day would do it. Thank you. Fingers crossed. Possible? Yes. How valuable a target were you, vs. how valuable would an AirDrop'ed PDF exploit against 18.4 have been when this happened? High-value exploits are reserved for high-value targets. I'd go further than SilentTiger's advice - if you're not actively using AirDrop, then turn it completely off. I’m a rando. This was on a street in New York. There’s a chance he was just spraying and praying he’d find someone who hadn’t updated iOS, but I guess I can’t know for sure. Would you know if it’s possible to check how any info has left my phone? My email, text, and iCloud look OK, and I’ve changed my passwords, but I’m not sure if it’s possible to wipe records here or communicate otherwise. An exploit is the most likely explanation for the events you described. You could probably swap your phone for an identical model at a phone store pretty cheap Thanks. I rebooted it. For previous exploits, do you think that would be enough? All the iOS malware I am aware of is persistent Yeesh. Thanks. I guess that makes swapping for a used phone not an option.