Adobe has updated its Reader and Acrobat software with several new security features, including more robust sandboxing....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Could you break down the changes that Adobe has made? Will enterprise users still need to take special precautions to use Reader and Acrobat securely?
The release of Adobe Reader XI and Acrobat XI were heralded as a milestone release in terms of security, with both products introducing more restrictive sandboxing and other security features. Sandboxing can be an effective method of blocking the exploitation of previously unidentified security holes. Though sandboxing was present in previous versions of Reader and Acrobat, the new releases introduce a more significant implementation through Protected Mode.
Protected Mode (Enhanced) restricts both read and write activities, not just write, as in the past. Write protection prevents an attacker from writing and executing malicious code on a victim's computer, and the addition of read protection is a data theft prevention control to help protect against attackers seeking to read information from the machine. Adobe Reader Protected View (New) and Adobe Acrobat Protected View (Enhanced) both establish a separate window station and desktop. A window station creates a discrete, securable clipboard and desktop where messages can only be sent between processes that are on the same desktop. This control prevents attacks such as screen-scraping, where one application reads data from the display output of another when a PDF file is opened in either the standalone product or a browser.
Enterprises should upgrade to the new versions of Reader and Acrobat because they're certainly more secure than previous versions, but since it's not an update, users will have to manually download and install it; the automatic updater will not install new versions. Enterprise users should still exercise caution when using Reader and Acrobat, and administrators should certainly keep up to date with Adobe alerts and patches.
Dig Deeper on Secure software development
Related Q&A from Michael Cobb
Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and ...continue reading
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what ...continue reading
A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.