Adobe Strengthens PDF Reader With Sandboxing

The upcoming version of Adobe Reader will come with new sandboxing technology, as Adobe Systems seeks to protect users from vulnerability exploits.

Known as ‘Protected Mode’, the technology will be included in the next full version of the PDF viewing software, and comes at a time when attackers are increasingly using Adobe vulnerabilities to compromise computers. The technology is aimed at computers running Microsoft Windows, which have been the target of most of these attacks.

“Although vulnerabilities do exist in reader for Mac and Unix versions [of Reader], the real world attacks that we’re seeing are almost universally on Windows, and so by getting the protection in place for that platform…we’re able to get that protection out to the users where the actual threats are occurring,” explained Brad Arkin, director of product security and privacy at Adobe.

Program Isolation

Sandboxing limits the privileges a program can run under, isolating that program from other programs on a computer. With ‘Protected Mode’, Adobe is following the same path as Microsoft and Google, which were both involved in developing the technology with Adobe and have made sandboxing centerpieces of recent security moves. Microsoft, for example, added sandboxing to Office 2010, while Google brought sandboxing to bear in its Chrome browser and in its plans for the Chrome operating system.

Adobe Protected Mode will be enabled by default, and the initial release will sandbox all write calls by the program, thereby blocking attempts to install malicious code. Eventually, read-only activities will be placed in the sandbox as well, Arkin said.

“Adobe Reader Protected Mode doesn’t solve every conceivable security problem that might confront our users of the product,” Arkin said. “But the vast majority of attacks that we’ve seen in the past couple years are leveraging some type of remote code exploit that allows them to execute code due to a memory trespass vulnerability and they use that to either install software or carry out some other malicious activity which the sandbox will make much harder to do.”

Tough Year

The past year has been particularly challenging for Adobe security. In 2009, the company changed its development process to include review for legacy code in updated applications, and changed the scheduling of its security updates to coincide with Microsoft’s Patch Tuesday. Three months ago, Adobe enabled a silent updating feature in Reader and Adobe Acrobat to protect users as well.

“[Sandboxing] I think is an important mitigation technology to help us defend our users against the type of attacks that are happening, and not just provide defences against it but really limit the potential for harm even if an exploit is carried out,” Arkin said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
