A recent Adobe Reader zero-day exploit is notable for being the first in the wild to fully escape Reader's sandboxing...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
capabilities. Could you explain how this attack works? Does it cast doubt on sandboxing as an effective enterprise application hardening technique?
Ask the Expert!
SearchSecurity expert Nick Lewis is standing by to answer your questions about enterprise security threats. Submit your question via email. (All questions are anonymous.)
A moat filled with sharknadoes is insufficient protection if it can be bypassed by a helicopter. There should be additional protections in place that will keep intruders out in case one defense fails. This is not to say there should be an infinite number of moats and flying sharks, but enterprises should evaluate the risk and the additional cost so the sharks with lasers aren't just protecting the public website.
The intent of the Adobe Reader and Acrobat sandbox is to make it significantly more difficult for attackers to exploit the software. An attacker must spend considerably more time and money developing exploits for Reader and Acrobat than was necessary a year or two ago. Clearly there's no such thing as a perfect defensive technology, but sandboxing by and large has made a difference in making software safer, and will surely continue to do so despite this minor setback.
Dig Deeper on Productivity apps and messaging security
Related Q&A from Nick Lewis
DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains ...continue reading
A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how ...continue reading
An Apache Struts vulnerability is still being exploited, even though it has already been patched. Expert Nick Lewis explains why the Struts platform ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.