Related Links

Related Stories

  • Fake Adobe Flash updates lure the unwary
    Barracuda Networks has warned internet surfers to be wary of fake Adobe flash updates, after it uncovered a number of compromised sites in the wild which present unwary visitors with an official-looking Adobe Flash update page.
  • Adobe issues early quarterly security patches
    As promised earlier this month, Adobe has issued an advanced security update to sure up ‘critical’ vulnerabilities found with its Reader and Acrobat products.
  • Adobe fixes Flash flaw in five days
    Adobe has quietly fixed the 'critical' security flaw affecting its Flash and Reader software that it revealed earlier this week. The issue has been fixed in an urgent patch folded in with a raft of updates that are claimed to solve 32 documented problems with Adobe's software.
  • Adobe warns of critical multi-platform security flaw
    Adobe has released a major warning over a critical vulnerability in its Flash Player and earlier editions for Windows, Apple Mac, Linux and Solaris platforms.
  • Applications under attack says Microsoft, Adobe
    Many in the security field agree that attack vectors have rapidly moved from exploiting operating system vulnerabilities to the application layer. Security specialists from Microsoft and Adobe lent their opinions as to why this is the case.

Top 5 Stories


Adobe to introduce PDF reader with sandboxing security feature

20 July 2010

Today Adobe announced a new security feature to the next major release of its popular Reader software the takes advantage of sandboxing technology, whereby the company hopes to implement another security hurdle for malicious-minded attackers.

Adobe has made quite a bit of news in security circles over the past year for the sheer number of attacks targeting its popular PDF Reader product. The latest response to concerns about its product security includes news that Adobe will now offer what it hopes will be a more secure PDF reader: Adobe Reader Protected Mode.

Brad Arkin, director of product security and privacy for Adobe, made the announcement today regarding this new security feature on the Adobe Secure Software Engineering Team blog. He wrote that this Protected Mode PDF reader is inspired by previous sandboxing technology being used by Microsoft via its Windows Sandboxing Technique.

In addition, Arkin also noted that Adobe has worked closely with the Microsoft Office security team and members of the Chrome team at Google to “leverage their sandboxing knowledge and experience”.

Arkin said that Protected Mode for the Adobe Reader will be the default option once the update is delivered and that all functions required to view the PDF file will be run inside the sandbox environment.

According to Adobe, neither the installation nor deletion of files – or modifications to system information – will be permitted when running Protected Mode.

“Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a 'broker process', which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality”, Arkin said.

Adobe indicated the first release of Protected Mode will sandbox all “write” calls to help mitigate the potential “of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system”. The company also said that future releases will aim to extend the sandbox to read-only activities, helping protect against attackers seeking sensitive information on a user’s machine.

An Adobe spokesperson told Infosecurity that there is no precise timeline as to when the new Protected Mode PDF reader would be rolled out, only to say that it should be introduced later this year with the product’s next major release.

This article is featured in:
Application Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×