Adobe Secures Reader X With Sandboxing Technology

Adobe Systems has released Adobe Reader X, bringing with it the sandboxing technology the company has touted as an answer to some of its recent security failings.

The sandboxing is aimed at Windows users who have borne the brunt of the attacks against the PDF-viewing software. The technology is similar to that which Google built into Chrome and Microsoft incorporated into Office 2010 Protected Viewing Mode.

Mitigating Attempted Attacks

Adobe Reader now has its own ‘Protected Mode’, which represents “an exciting new advancement in mitigating the impact of attempted attacks”, the company told eWEEK.

“While sandboxing is not a security silver bullet, it provides a strong additional level of defence against attacks as software vendors work on reducing both the frequency and the impact of security vulnerabilities,” an Adobe spokesperson said.

The initial release of Adobe Reader Protected Mode sandboxes all write calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003. Future releases will extend the technology to include read-only activities as well, though the company said the timing for that is still being determined.

Enabled by default, Protected Mode effectively means all operations required by Reader to display PDF files are run inside the sandbox. If Reader needs to perform an action not permitted in the sandbox environment – like writing to the user’s temporary folder – those requests are funnelled through a “broker process” controlled by a set of policies for what is and what is not allowed.

“For Adobe Reader, this means that even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers,” the spokesperson said. “That’s because the attacker would not only have to find a vulnerability in the software itself – he would also have to find a second vulnerability to break out of the sandbox.”

There has been no shortage of Reader vulnerabilities this year. Earlier this week, the company released an update that patched a vulnerability affecting a component in Reader used to render Flash content that had come under attack.

“Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities,” blogged Brad Arkin, senior director of product security and privacy at Adobe. “Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defence against attacks.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

12 hours ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

13 hours ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

15 hours ago

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

16 hours ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

19 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

20 hours ago