News Stay informed about the latest enterprise technology news and product updates.

New Adobe Reader X fortifies PDF viewer against attacks

Adobe Reader X uses Microsoft's sandboxing technology to block potentially dangerous processes from executing beyond the confines of the software.

Adobe Systems Inc. has released Reader X, a version of its PDF viewing software that has a new architecture designed...

to make it more difficult for attackers to exploit vulnerabilities and gain access to a victim's machine.

If an attacker found a vulnerability that today might allow him or her to take over a computer, in the future he or she would be stuck in the sandbox.

Brad Arkin, senior director of product security and privacy, Adobe Systems Inc.

Adobe announced in July that its engineers were working on a version of Reader that was protected using a "sandboxed" mode on Windows. The technology, which is used by Google in its Chrome Web browser only enables processes to run within the confined environment of the application. It blocks actions that could be malicious, such as modifying system information.

Adobe has been struggling to keep up with the pace of zero-day vulnerabilities being targeted by attackers in its popular Reader and Acrobat PDF viewing software. Brad Arkin, senior director of product security and privacy at Adobe, said the new sandboxing technology won't stop all attacks, but it does provide an additional layer of defense.

In an interview with in July (see video below), Arkin said the first release of Adobe Reader X would be write-only, running Reader in a low-rights process. "If an attacker found a vulnerability that today might allow him or her to take over a computer, in the future he or she would be stuck in the sandbox," Arkin said.

Arkin said the sandboxing technology is based on Microsoft's Practical Windows Sandboxing technique. If Adobe Reader attempts to write to the user's temporary folder or launch an attachment inside a PDF file using an external application, the requests are funneled through a "broker process" which allows or prevents potentially dangerous functionality, Arkin said.

"Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers," Arkin wrote in the Adobe Secure Software Engineering Team blog.

Adobe also released a version ofReader X via the Android Market for devices running Google's Android OS.

Dig Deeper on Emerging cyberattacks and threats



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...