Adobe Reader X is out and arming Windows users with new sandboxing capabilities Adobe hopes will mitigate attacks.
Adobe Systems has released Adobe Reader X, bringing with it sandboxing technology the company has touted as an answer to some of the company's recent security challenges.
The sandboxing technology
is aimed at Windows users, who bear the brunt of the attacks against
the PDF-viewing software. The technology is similar to what Google
built into Chrome as well as what Microsoft incorporated into Office
2010 Protected Viewing Mode.
Now, Adobe Reader has its own "Protected Mode," which the company told eWEEK represents "an exciting new advancement in mitigating the impact of attempted attacks."
"While sandboxing is not a security silver bullet, it provides a
strong additional level of defense against attacks as software vendors
work on reducing both the frequency and the impact of security
vulnerabilities," an Adobe spokesperson said.
The initial release of Adobe Reader Protected Mode sandboxes all
write calls on Windows 7, Windows Vista, Windows XP, Windows Server
2008 and Windows Server 2003. Future releases will extend the
technology to include read-only activities as well, though the company
said the timing for that is still being determined.
Enabled by default, Protected Mode effectively means all operations
required by Reader to display PDF files are run inside the sandbox. If
Reader needs to perform an action not permitted in the sandbox
environment - like writing to the user's temporary folder - those
requests are funneled through a "broker process" controlled by a set of
policies for what is and isn't allowed.
"For Adobe Reader, this means that even if exploitable security
vulnerabilities are found by an attacker, Adobe Reader Protected Mode
will help prevent the attacker from writing files or installing malware
on potential victims' computers," the spokesperson said. "That's
because the attacker would not only have to find a vulnerability in the
software itself-he would also have to find a second vulnerability to
break out of the sandbox."
There has been no shortage of Reader vulnerabilities this year. Earlier this week,
the company released an update that patched a vulnerability affecting a
component in Reader used to render Flash content that had come under
"Adobe's product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities," blogged Brad Arkin,
senior director of product security and privacy at Adobe. "Adobe Reader
Protected Mode represents an exciting new advancement in mitigating the
impact of attempted attacks. While sandboxing is not a security silver
bullet, it provides a strong additional level of defense against