The upcoming version of Adobe Reader will comes with new sandboxing technology, as Adobe Systems seeks to protect users from vulnerability exploits.
Known as ‘Protected Mode’, the technology will be included in the next full version of the PDF viewing software, and comes at a time when attackers are increasingly using Adobe vulnerabilities to compromise computers. The technology is aimed at computers running Microsoft Windows, which have been the target of most of these attacks.
“Although vulnerabilities do exist in reader for Mac and Unix versions [of Reader], the real world attacks that we’re seeing are almost universally on Windows, and so by getting the protection in place for that platform…we’re able to do get that protection out to the users where the actual threats are occurring,” explained Brad Arkin, director of product security and privacy at Adobe.
Sandboxing limits the privileges a program can run under, isolating that program from other programs on a computer. With ‘Protected Mode’, Adobe is following down the same path as Microsoft and Google, which were both involved in developing the technology with Adobe and have made sandboxing centerpieces of recent security moves. Microsoft for example added sandboxing to Office 2010, while Google brought sandboxing to bare in its Chrome browser as well as plans for the Chrome operating system.
“Adobe Reader Protected Mode doesn’t solve every conceivable security problem that might confront our users of the product,” Arkin said. “But the vast majority of attacks that we’ve seen in the past couple years, are leveraging some type of remote code exploit that allows them to execute code due to a memory trespass vulnerability and they use that to either install software or carry out some other malicious activity which the sandbox will make much harder to do.”
The past year has been particularly challenging for Adobe security. In 2009, the company changed its development process to include review for legacy code in updated applications, and changed the scheduling of its security updates to coincide with Microsoft’s Patch Tuesday. Three months ago, Adobe enabled a silent updating feature in Reader and Adobe Acrobat to protect users as well.
“[Sandboxing] I think is an important mitigation technology to help us defend our users against the type of attacks that are happening, and not just provide defences against it but really limit the potential for harm even if an exploit is carried out,” Arkin said.
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…