A lot of low level hacking relies on social engineering.
Apple products are protected by preventing vulnerable software like Java Script, Flash and executables from running. But the humans get tricked into making sensitive information.
Yes, FUD and voodoo practices do exist, just like social engineering.
Fear, lack of understanding, haste and convenience cause problems.
Brent
On my iPhone Xr
toggle quoted message
Show quoted text
On Feb 15, 2025, at 02:52, Randy B. Singer via groups.io <randy@...> wrote:
?
On Feb 14, 2025, at 11:39 AM, Paul via groups.io <paul@...> wrote:
Phishing scams:
The PDF might appear legitimate but contain links that lead to fake websites designed to capture your login credentials or other sensitive data.
There is very little that a malicious Web site can do to you if you don¡¯t volitionally give the site your information. Especially on iOS, but even on a Macintosh. Generally speaking, it¡¯s been years since I¡¯ve heard of a malicious Web site that was capable of a drive-by download with malicious intent on a Mac. Apple has mostly shored up all potential vulnerabilities in that regard. I¡¯ve never heard from an iOS user who has encountered a malicious download from a Web site. I highly doubt that such a thing exists other than in the minds of self-serving malware ¡°experts¡± who want to scare you.
Note that every single browser out there includes Google¡¯s Safe Browsing. GSB is a daily updated black list of malicious Web sites. It may actually be difficult to find, and get to, a malicious Web site even if you went out looking for one. If you find one, your access to the site will almost certainly be blocked by GSB.
Malware installation:
The PDF could be embedded with executable code that automatically installs malicious software on your iPhone when opened.
iOS doesn¡¯t run Java or Flash. The only executable code that it can run embedded in a PDF would be JavaScript. However, for this very reason, iOS will only handle a very limited subset of JavaScript. In other words, it will only run extremely innocuous commands. On top of that, whatever runs is very carefully sandboxed, so it can¡¯t damage, or even access, other software on your iOS device. I¡¯ve never heard a first-hand account of anyone encountering a malicious PDF on iOS. My guess is that you never will. iOS makes it difficult or impossible to create a truly malicious PDF. At the very worst, you might encounter scareware (i.e. a socially engineered message to scare you into doing something volitionally that is stupid.)
Data theft:
Malicious PDFs may be designed to harvest personal information like your contact details or financial information directly from your device.
How? I think that this is simply BS.
Ransomware attacks:
In some cases, opening a malicious PDF could trigger a ransomware attack, encrypting your data and demanding a ransom to decrypt it.
There are no ransomware attacks currently in the wild for the Macintosh or iOS. NOT¡ONE. There is scareware, but that¡¯s not a real ransomware attack. Please don¡¯t spread fallacious FUD. It¡¯s not nice.
__________________________________________________
Randy B. Singer
Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
Essential But Hard To Find Macintosh Software and Advice
__________________________________________________
Brent