Can a PDF file contain a virus?
There are many features in the PDF that can be used in malicious ways without exploiting a vulnerability. One example is given by Didier Stevens here. Basically he embeds an executable and has it launch when opening the file. I am not sure how today's versions of readers handle this, but it's a good method of using PDF features in malicious ways.
Would such a PDF be dangerous only on OSes like Windows? Would the permission system of Mac/Linux be able to prevent such PDFs from running executables automatically?
@Nav executing code has little to do with the OS, and everything to do with the reader. Executing code is allowed to execute other code. Basically you have to trust the reader to not do something stupid like allowing a PDF to execute an application.
If you want an example malware, check out pidief.
And generally PDF malware will predominantly be just the dropper, not the payload itself.
To learn more about the vulnerabilities associated with PDF files and ways of detecting them before they do any damage, read this Kali documentation on peepdf.
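As an added example (not part of any answer here, and not code from pdfid or peepdf): a minimal static triage in Python that counts the PDF name tokens behind the features mentioned above (automatic actions, launch actions, embedded files, JavaScript), decoding `#xx` name escapes first so that an escaped keyword is still counted. The keyword list, the verdict labels and the sample bytes are assumptions constructed for illustration.

```python
import re

# Name tokens worth a second look (the same idea as pdfid-style keyword counting).
RISKY = ("/OpenAction", "/AA", "/Launch", "/JavaScript", "/JS",
         "/EmbeddedFile", "/ObjStm")
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")  # one PDF name token
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")  # #xx escape inside a name


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage(data: bytes) -> dict:
    """Count risky name tokens in raw PDF bytes; record which were hex-escaped."""
    counts = {name: 0 for name in RISKY}
    obfuscated = set()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                obfuscated.add(name)
    return {"counts": counts, "obfuscated": sorted(obfuscated)}


def verdict(report: dict) -> str:
    c = report["counts"]
    auto = c["/OpenAction"] + c["/AA"]            # runs without user action
    active = c["/Launch"] + c["/JavaScript"] + c["/JS"]
    if auto and active:
        return "suspicious"
    if active or c["/EmbeddedFile"] or c["/ObjStm"] or report["obfuscated"]:
        return "review"
    return "clean-keywords"  # says nothing about parser exploits or compressed streams


# Constructed sample: dictionary fragments only, not a working document.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /Launch /F 3 0 R >>\nendobj\n"
          b"3 0 obj\n<< /Type /EmbeddedFile /Length 0 >>\nendobj\n"
          b"4 0 obj\n<< /S /J#61vaScript /JS () >>\nendobj\n")
BENIGN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, verdict(triage(blob)), triage(blob))
```

The scan reads raw bytes only, so names stored inside compressed object streams are not seen; that is why the presence of `/ObjStm` alone is reported as "review".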
Yes it can.
Whether a file is malicious or not does not depend on the file extension (in this case PDF). It depends on the vulnerabilities in the software which will be parsing it. So, for example, if the PDF reader that you are using potentially contains a buffer overflow vulnerability, then an attacker can construct a special PDF file to exploit that vulnerability.
Consequently, guarding against such attacks is also easy: just ensure your PDF reader is up to date.
A simple Google search landed me on the SANS Institute's overview of PDF malware, which seems to be good to start with.
For Adobe Reader, which is likely what you use if you didn't consciously choose something else, the bulletins at http://helpx.adobe.com/security/products/reader.html list the numerous fixed vulnerabilities, with no or little detail.
@Jor-el unsurprisingly this page is now serving a 404 error. Would you care to re-find it and summarise it in your answer?
(edit: I updated the link -- still, the proper thing to do would be to summarise the content).
"Guarding by constantly updating" is not necessarily 'easy', nor is it a guarantee that you won't fall prey to an unpatched vulnerability. Yes, it's a good thing to do, but it requires constant discipline. Adobe Reader has so many vulnerabilities that they include an automatic updater - do you really think they've all been found yet?