Adobe Secures Reader X With Sandboxing Technology

Adobe Systems has released Adobe Reader X, bringing with it the sandboxing technology the company has touted as an answer to some of its recent security failings.

The sandboxing is aimed at Windows users who have borne the brunt of the attacks against the PDF-viewing software. The technology is similar to that which Google built into Chrome and Microsoft incorporated into Office 2010 Protected Viewing Mode.

Mitigating Attempted Attacks

Adobe Reader now has its own ‘Protected Mode’, which represents “an exciting new advancement in mitigating the impact of attempted attacks”, the company told eWEEK.

“While sandboxing is not a security silver bullet, it provides a strong additional level of defence against attacks as software vendors work on reducing both the frequency and the impact of security vulnerabilities,” an Adobe spokesperson said.

The initial release of Adobe Reader Protected Mode sandboxes all write calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008 and Windows Server 2003. Future releases will extend the technology to include read-only activities as well, though the company said the timing for that is still being determined.

Enabled by default, Protected Mode effectively means all operations required by Reader to display PDF files are run inside the sandbox. If Reader needs to perform an action not permitted in the sandbox environment – like writing to the user’s temporary folder – those requests are funnelled through a “broker process” controlled by a set of policies for what is and what is not allowed.

“For Adobe Reader, this means that even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers,” the spokesperson said. “That’s because the attacker would not only have to find a vulnerability in the software itself – he would also have to find a second vulnerability to break out of the sandbox.”

There has been no shortage of Reader vulnerabilities this year. Earlier this week, the company released an update that patched a vulnerability affecting a component in Reader used to render Flash content that had come under attack.

“Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities,” blogged Brad Arkin, senior director of product security and privacy at Adobe. “Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defence against attacks.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago