Adobe Systems is making good on its promise to bring sandboxing to bear in Adobe Reader in the name of security.
The technology will be built into Adobe Reader X, which is scheduled to be released within 30 days. Known as “Protected Mode,” the technology is aimed at protecting Windows PCs, which are often the target of attackers.
“With this version, we have prioritized our activities to get the most effective protection to our users as fast as possible,” an Adobe spokesperson said. “Today, Adobe Reader for Windows represents the overwhelming majority of Adobe Reader downloads. Adobe is always carefully evaluating the threat landscape to determine the priorities and next steps in the security road map for our products.”
Sandboxing limits the privileges a program can run under, isolating that program from other programs on a computer. According to the company, PDF processing such as PDF and image parsing, JavaScript execution, font rendering and 3D rendering happens in the sandbox. Processes that need to perform some action outside the sandbox boundary must do so through a trusted proxy called a “broker process.” Adobe Protected Mode will be enabled by default.
“The Adobe Reader sandbox leverages the operating system’s security controls to constrain processes execution to the principle of least privilege,” blogged Kyle Randolph, senior security researcher on Adobe’s Secure Software Engineering team, Oct. 5. “Thus, processes that could be subject to an attacker’s control run with limited capabilities and must perform actions such as accessing files through a separate, trusted process.”
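The broker arrangement described above can be sketched in a few lines. This is an added illustration, not Adobe's code: the `Broker` class, the request format and the one-directory policy are assumptions, and both sides run in a single process here, whereas a real sandbox relies on the operating system to strip the renderer's own privileges.

```python
import os
import tempfile

class Broker:
    """Trusted side: the only code that touches the filesystem."""
    ALLOWED_OPS = {"read_file", "write_file"}

    def __init__(self, allowed_root):
        # Canonicalize once so every later comparison uses real paths.
        self.root = os.path.realpath(allowed_root)

    def _resolve(self, path):
        # Resolve "..", absolute paths and symlinks BEFORE the policy check.
        real = os.path.realpath(os.path.join(self.root, path))
        try:
            inside = os.path.commonpath([self.root, real]) == self.root
        except ValueError:  # e.g. paths on different drives on Windows
            inside = False
        return real if inside and real != self.root else None

    def handle(self, request):
        op = request.get("op")
        if op not in self.ALLOWED_OPS:
            return {"ok": False, "error": "operation not allowed"}
        target = self._resolve(str(request.get("path", "")))
        if target is None:
            return {"ok": False, "error": "path outside policy"}
        try:
            if op == "write_file":
                with open(target, "wb") as fh:
                    fh.write(request.get("data", b""))
                return {"ok": True}
            with open(target, "rb") as fh:
                return {"ok": True, "data": fh.read()}
        except OSError as exc:
            return {"ok": False, "error": str(exc)}

def demo():
    # Constructed requests: two within policy, three the broker must refuse.
    with tempfile.TemporaryDirectory() as root:
        broker = Broker(root)
        requests = [
            {"op": "write_file", "path": "render.tmp", "data": b"ok"},
            {"op": "read_file", "path": "render.tmp"},
            {"op": "write_file", "path": "../outside.bin", "data": b"x"},
            {"op": "write_file", "path": "/etc/outside.bin", "data": b"x"},
            {"op": "delete_file", "path": "render.tmp"},
        ]
        return [broker.handle(r) for r in requests]
```

Calling `demo()` returns one reply per request; the refusals happen before any file is opened, which is the property the broker exists to enforce.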
Other companies have also recently taken a sandboxing approach to improve security. For example, Microsoft added sandboxing to Office 2010, while Google brought sandboxing to bear in its Chrome browser and plans to do so in the Chrome operating system.
“Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities,” the spokesperson said. “Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers.”