Adobe has updated its Reader and Acrobat software with several new security features, including more robust sandboxing....
Could you break down the changes that Adobe has made? Will enterprise users still need to take special precautions to use Reader and Acrobat securely?
The release of Adobe Reader XI and Acrobat XI were heralded as a milestone release in terms of security, with both products introducing more restrictive sandboxing and other security features. Sandboxing can be an effective method of blocking the exploitation of previously unidentified security holes. Though sandboxing was present in previous versions of Reader and Acrobat, the new releases introduce a more significant implementation through Protected Mode.
Protected Mode (Enhanced) restricts both read and write activities, not just write, as in the past. Write protection prevents an attacker from writing and executing malicious code on a victim's computer, and the addition of read protection is a data theft prevention control to help protect against attackers seeking to read information from the machine. Adobe Reader Protected View (New) and Adobe Acrobat Protected View (Enhanced) both establish a separate window station and desktop. A window station creates a discrete, securable clipboard and desktop where messages can only be sent between processes that are on the same desktop. This control prevents attacks such as screen-scraping, where one application reads data from the display output of another when a PDF file is opened in either the standalone product or a browser.
Enterprises should upgrade to the new versions of Reader and Acrobat because they're certainly more secure than previous versions, but since it's not an update, users will have to manually download and install it; the automatic updater will not install new versions. Enterprise users should still exercise caution when using Reader and Acrobat, and administrators should certainly keep up to date with Adobe alerts and patches.
Dig Deeper on Software Development Methodology
Related Q&A from Michael Cobb
Amazon disabled native encryption capabilities in the latest Fire OS version. Expert Michael Cobb explains what this means for security, and if ...continue reading
A pirated app called Happy Daily English beat Apple's App Store security review. Expert Michael Cobb explains how it works and what security teams ...continue reading
The Lenovo SHAREit file-sharing app has a hardcoded password vulnerability, among other issues. Expert Michael Cobb explains these flaws and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.