Adobe has updated its Reader and Acrobat software with several new security features, including more robust sandboxing....
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Could you break down the changes that Adobe has made? Will enterprise users still need to take special precautions to use Reader and Acrobat securely?
The release of Adobe Reader XI and Acrobat XI were heralded as a milestone release in terms of security, with both products introducing more restrictive sandboxing and other security features. Sandboxing can be an effective method of blocking the exploitation of previously unidentified security holes. Though sandboxing was present in previous versions of Reader and Acrobat, the new releases introduce a more significant implementation through Protected Mode.
Protected Mode (Enhanced) restricts both read and write activities, not just write, as in the past. Write protection prevents an attacker from writing and executing malicious code on a victim's computer, and the addition of read protection is a data theft prevention control to help protect against attackers seeking to read information from the machine. Adobe Reader Protected View (New) and Adobe Acrobat Protected View (Enhanced) both establish a separate window station and desktop. A window station creates a discrete, securable clipboard and desktop where messages can only be sent between processes that are on the same desktop. This control prevents attacks such as screen-scraping, where one application reads data from the display output of another when a PDF file is opened in either the standalone product or a browser.
Enterprises should upgrade to the new versions of Reader and Acrobat because they're certainly more secure than previous versions, but since it's not an update, users will have to manually download and install it; the automatic updater will not install new versions. Enterprise users should still exercise caution when using Reader and Acrobat, and administrators should certainly keep up to date with Adobe alerts and patches.
Dig Deeper on Secure software development
Related Q&A from Michael Cobb
Android for Work's sandboxing tools, which split work and personal profiles, can be bypassed with a proof-of-concept attack. Expert Michael Cobb ...continue reading
Yahoo claimed a vulnerability in its email service enabled attackers to use forged cookies to gain access to user accounts. Expert Michael Cobb ...continue reading
A researcher discovered 76 iOS apps containing sensitive user data that were vulnerable to man-in-the-middle attacks. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.