[OS X TeX] Are Poisoned PDFs a concern with TeXShop or Skim?

Ross Moore ross.moore at mq.edu.au
Mon May 24 15:32:28 EDT 2010


Hello Ramón,

On 25/05/2010, at 4:22 AM, Ramón Figueroa-Centeno wrote:

>
> Aloha,
>
> I just read in PCWorld and article titled "Poisoned PDFs? Here's Your
> Antidote" <http://bit.ly/dxhmBT>.
>
> Scary stuff :(
>
> So I was wondering if this is a concern with TeXShop or Skim?

This is a "Social Engineering" kind of attack.
Firstly you need to have downloaded a poisoned PDF from some
dubious website, then you need to allow it to do its dirty work.
If you are aware of the possibility and how it works, then
you are unlikely to be sucked in.

But even if you do allow the program to attempt to run,
it almost certainly will not, because you are on a Mac.
The executable is surely for a PC. (touchwood)

> I am assuming
> that the PDFs generated with pdfTeX are safe, right?

If you have all the malware ingredients, then there are ways
to put included files into the PDFs you create, and to assign
the /OpenAction scripts, etc.
So if you want to do this, then yes you can; but it
certainly isn't going to happen without your own input.

>
> Mahalo,
>
> Ramón
> --  
> View this message in context: http://macosx-tex. 
> 576846.n2.nabble.com/Are-Poisoned-PDFs-a-concern-with-TeXShop-or- 
> Skim-tp5095110p5095110.html



Hope this helps,

	Ross

------------------------------------------------------------------------
Ross Moore                                       ross.moore at mq.edu.au
Mathematics Department                           office: E7A-419
Macquarie University                             tel: +61 (0)2 9850 8955
Sydney, Australia  2109                          fax: +61 (0)2 9850 8114
------------------------------------------------------------------------






More information about the MacOSX-TeX mailing list