The upcoming version of Adobe Reader will comes with new sandboxing technology, as Adobe Systems seeks to protect users from vulnerability exploits.
Known as ‘Protected Mode’, the technology will be included in the next full version of the PDF viewing software, and comes at a time when attackers are increasingly using Adobe vulnerabilities to compromise computers. The technology is aimed at computers running Microsoft Windows, which have been the target of most of these attacks.
“Although vulnerabilities do exist in reader for Mac and Unix versions [of Reader], the real world attacks that we’re seeing are almost universally on Windows, and so by getting the protection in place for that platform…we’re able to do get that protection out to the users where the actual threats are occurring,” explained Brad Arkin, director of product security and privacy at Adobe.
Sandboxing limits the privileges a program can run under, isolating that program from other programs on a computer. With ‘Protected Mode’, Adobe is following down the same path as Microsoft and Google, which were both involved in developing the technology with Adobe and have made sandboxing centerpieces of recent security moves. Microsoft for example added sandboxing to Office 2010, while Google brought sandboxing to bare in its Chrome browser as well as plans for the Chrome operating system.
“Adobe Reader Protected Mode doesn’t solve every conceivable security problem that might confront our users of the product,” Arkin said. “But the vast majority of attacks that we’ve seen in the past couple years, are leveraging some type of remote code exploit that allows them to execute code due to a memory trespass vulnerability and they use that to either install software or carry out some other malicious activity which the sandbox will make much harder to do.”
The past year has been particularly challenging for Adobe security. In 2009, the company changed its development process to include review for legacy code in updated applications, and changed the scheduling of its security updates to coincide with Microsoft’s Patch Tuesday. Three months ago, Adobe enabled a silent updating feature in Reader and Adobe Acrobat to protect users as well.
“[Sandboxing] I think is an important mitigation technology to help us defend our users against the type of attacks that are happening, and not just provide defences against it but really limit the potential for harm even if an exploit is carried out,” Arkin said.
Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…
Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…