1

PDFs are very commonly found on the web, and I carefully either view them in the browser, or use readers without the capability to run the scripts that may come with them (shitty design choice), like Evince or XReader, or, on Windows, disable the scripts in Adobe Reader.

However, I was wondering whether other sorts of attacks may be possible by exploiting other unpatched vulnerabilities. Since I find it hard to trust 100% of the PDFs you open, what are the best practices to minimize the risk?

memememe
  • Yes, other attacks that exploit unknown vulnerabilities are always possible. If you want to be really secure you'll have an external device (laptop or something) and use a one way communication channel (speaker + microphone or similar) to transfer documents to the air-gapped viewer machine. – user Oct 04 '19 at 19:36

1 Answer

1

The best practice¹ would be to open them in a virtual machine (or even on a separate, physical machine that you could easily reimage after each use).

On Qubes OS, the ability to open a PDF in a separate, disposable VM is (mainly) integrated in the system: "How Qubes makes handling PDFs way safer"

They also include an option to create a trusted PDF, which basically creates an image-based PDF in a separate VM.

The PDF Redact Tools can also be used to create clean, image-based PDFs. It should also be run in a separate VM.

¹ Assuming you are going to open them

Ángel
  • Would it be a good practice to run Qubes in a VM to create safe PDFs to use on my main system? – memememe Oct 05 '19 at 22:28
  • And given I use VirtualBox, what would be the safest way to pass the file from the guest to the host? – memememe Oct 05 '19 at 22:29
  • And also, are the files always innocuous until I open them? And what about if I open them in the browser's reader before downloading them? – memememe Oct 05 '19 at 22:31
  • Qubes uses a hypervisor and multiple VMs (integrating them with features such as those). As it needs to create VMs by itself, it is not possible to run it inside a VM – Ángel Oct 05 '19 at 23:57
  • *Every* file is innocuous until it is opened and processed by a vulnerable application. However, note that it may be opened in more cases than when you open them with the viewer, such as your file manager processing them (asking a plugin to do so) in order to create a thumbnail, which could be problematic if the malicious PDF was able to exploit the thumbnailer itself. – Ángel Oct 06 '19 at 00:02
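
Added example, not part of the answer or comments above and not code from Qubes OS or PDF Redact Tools: a sketch of the rebuild half of an image-based conversion, showing why the result is inert. It assumes the untrusted PDF has already been rasterized inside the disposable VM and that only a width, a height and raw RGB pixels cross the boundary; the function name, the size limit and the sample pixels are constructed for illustration.

```python
import zlib

MAX_DIM = 10000  # assumed sanity limit on page size, in pixels

def image_only_pdf(pages):
    """Build a PDF from (width, height, raw_rgb_bytes) tuples and nothing else."""
    objs = []  # object bodies; object number = list index + 1

    def add(body):
        objs.append(body)
        return len(objs)

    add(b"<< /Type /Catalog /Pages 2 0 R >>")  # object 1: no /OpenAction, no /Names
    add(b"")                                   # object 2: page tree, filled in below
    kids = []
    for w, h, rgb in pages:
        # The only accepted input is fixed-size pixel data, checked before use.
        if not (0 < w <= MAX_DIM and 0 < h <= MAX_DIM) or len(rgb) != w * h * 3:
            raise ValueError("rejecting page: bad dimensions or pixel count")
        data = zlib.compress(rgb)
        img = add(b"<< /Type /XObject /Subtype /Image /Width %d /Height %d "
                  b"/ColorSpace /DeviceRGB /BitsPerComponent 8 "
                  b"/Filter /FlateDecode /Length %d >>\nstream\n%s\nendstream"
                  % (w, h, len(data), data))
        draw = b"q %d 0 0 %d 0 0 cm /Im0 Do Q" % (w, h)  # paint image over the page
        cont = add(b"<< /Length %d >>\nstream\n%s\nendstream" % (len(draw), draw))
        kids.append(add(
            b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 %d %d] "
            b"/Resources << /XObject << /Im0 %d 0 R >> >> /Contents %d 0 R >>"
            % (w, h, img, cont)))
    objs[1] = b"<< /Type /Pages /Count %d /Kids [%s] >>" % (
        len(kids), b" ".join(b"%d 0 R" % k for k in kids))

    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))  # byte offset of each object for the xref table
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (
        len(objs) + 1, xref)
    return bytes(out)

if __name__ == "__main__":
    sample = [(2, 2, bytes([255, 0, 0] * 4))]  # constructed 2x2 red page
    print(len(image_only_pdf(sample)), "bytes written")
```

Every object in the output is written by the trusted side, so scripts, actions, attachments and fonts from the original have no way to carry over; the cost is that text is no longer selectable or searchable.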