Article

New Adobe Reader X fortifies PDF viewer against attacks

Robert Westervelt, News Director

Adobe Systems Inc. has released Reader X, a version of its PDF viewing software that has a new architecture designed to make it more difficult for attackers to exploit vulnerabilities and gain access to a victim's machine.

    Requires Free Membership to View

If an attacker found a vulnerability that today might allow him or her to take over a computer, in the future he or she would be stuck in the sandbox.

Brad Arkin, senior director of product security and privacy, Adobe Systems Inc.

Adobe announced in July that its engineers were working on a version of Reader that was protected using a "sandboxed" mode on Windows. The technology, which is used by Google in its Chrome Web browser only enables processes to run within the confined environment of the application. It blocks actions that could be malicious, such as modifying system information.

Adobe has been struggling to keep up with the pace of zero-day vulnerabilities being targeted by attackers in its popular Reader and Acrobat PDF viewing software. Brad Arkin, senior director of product security and privacy at Adobe, said the new sandboxing technology won't stop all attacks, but it does provide an additional layer of defense.

In an interview with SearchSecurity.com in July (see video below), Arkin said the first release of Adobe Reader X would be write-only, running Reader in a low-rights process. "If an attacker found a vulnerability that today might allow him or her to take over a computer, in the future he or she would be stuck in the sandbox," Arkin said.

Arkin said the sandboxing technology is based on Microsoft's Practical Windows Sandboxing technique. If Adobe Reader attempts to write to the user's temporary folder or launch an attachment inside a PDF file using an external application, the requests are funneled through a "broker process" which allows or prevents potentially dangerous functionality, Arkin said.

"Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers," Arkin wrote in the Adobe Secure Software Engineering Team blog.

Adobe also released a version ofReader X via the Android Market for devices running Google's Android OS.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: