efitz 8 days ago

This is amazing and terrifying (I am a security engineer and parsing complex document formats is a never-ending treasure trove of vulnerabilities).

5
wayvey 8 days ago

The amount of attack surface in various format parsers is pretty stunning and terrifying indeed

enews01 7 days ago

Theres a malaysian movie where the main premise is a hacker who uses pdf executions to steal one cent from every persons bank account. Its pretty interesting.

1 reply
brettermeier 7 days ago

Do you know the name of the movie?

1 reply
wastholm 7 days ago

Not OP, but I found a series, not a movie, titled _One Cent Thief_ that fits the description. Sounds interesting.

https://archive.org/details/OneCentThiefSeries

mizzao 8 days ago

The "code execution" in PDF parsing is what enabled this legendary zero-click, zero-day exploit of iOS devices: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...

1 reply
kccqzy 8 days ago

That exploit is indeed legendary but the code execution involved is not JavaScript. In fact the iOS PDF renderer does not have JavaScript enabled.

1 reply
saagarjha 8 days ago

Obviously a skill issue; a true hacker would re-enable it.

tashian 8 days ago

AI agents run in isolated VMs, but PDFs have been out here running in the open for 30 years!

1 reply
miohtama 8 days ago

But can your PDF run an AI agent?

4 replies
Swizec 8 days ago

> But can your PDF run an AI agent?

Oh it's so much worse than that. Your font can run an AI agent.

Llama.ttf: A font which is also an LLM -- https://news.ycombinator.com/item?id=40766791

3 replies
belowm 8 days ago

Crazy. Looking forward shipping apps as .ttf instead of docker images.

erk__ 7 days ago

You can also play Tetris in a font: https://www.youtube.com/watch?v=Ms1Drb9Vw9M&t=1370s

(disclaimer: own work)

bawolff 8 days ago

Well a font using a custom experimental shaping library. Your font can't do it normally.

hnlmorg 8 days ago

In my opinion the question isn’t so much “if” but rather “when”.

When will AI research and hardware capabilities reach a point that it’s practical to embed something like that into a regular document?

We’ve already seen proof of concept LLMs embedded into OpenType fonts.

I guess the other question is then “what capabilities would these AI agents have?” You’d hope just permission to present within that document. But that depends entirely on what unpatched vulnerabilities are lurking (such as the Microsoft ANSI RCE also featured on the HN front page)

1 reply
btown 8 days ago

For Chrome's PDF renderer, the runtime is V8, so we're literally one (hilarious) line of code away from this glorious future existing today:

https://pdfium.googlesource.com/pdfium/+/refs/heads/main/fpd...

> // Use interpreted JS only to avoid RWX pages in our address space. Also, --jitless implies --no-expose-wasm, which reduce exposure since no PDF should contain web assembly.

> return "--jitless";

1 reply
Thorrez 8 days ago

You could write an LLM in plain JS, right?

1 reply
btown 6 days ago

Yep, but one without the ability to even JIT down to vectorized CPU commands (to say nothing of GPU connectivity) would be incredibly slow indeed!

freedomben 8 days ago

Looking forward to a day when you may not have a powerful enough GPU to open a PDF

siva7 8 days ago

The first widespread AI Malware will be a historic moment in this century. It will adapt like a real biological virus to its host and we have no cure for this.

1 reply
saagarjha 8 days ago

We could unplug all the GPUs.

neuroelectron 8 days ago

This isn't even the beginning of what's possible in PDFs.