Adobe Systems Inc. issued a major security update to its Acrobat PDF creation software, bolstering its defenses...
by building an Adobe sandbox protected mode that isolates it from system resources.
Much like Adobe Reader X, Acrobat contains sandbox technology or isolation mode, which makes it difficult for an attacker to get malicious code onto a victim’s system. Called Protected View, the security mode will be enabled by default when a user opens up an untrusted file.
Protected View is part of Adobe Acrobat 10.1, released Tuesday. The security technology disables many Acrobat features that interact with and change the document. Adobe has added a feature enabling users to specify files or folders that are not subject to restrictions.
The added security mechanisms are part of a number of improvements to bolster Adobe’s software quality and improve the security of its products. The software giant’s Reader and Acrobat PDF viewing software is used by millions of people globally and is a coveted target of attackers looking to find a hole to gain access to sensitive systems. The goal has been to layer on additional defenses.
According to Kyle Randolph, senior security researcher and technical lead on the Adobe Secure Software Engineering Team, the feature offers mitigations and user workflows similar to those of the Microsoft Office 2010 Protected View.
“In the Protected View, the user will have very limited access to the Acrobat functionality as such, but it’s just enough to make an informed decision as to whether he/she wants to trust the document or not,” Randolph wrote in the ASSET blog. “Its design allows the user to read the contents of a PDF file received from untrusted sources without having to worry about a system compromise due to malware infection.”
When a PDF file is opened in a browser, Acrobat Protected View opens “rights-enabled” documents in an Adobe Reader-like experience, Randolph said. If the document author enables Acrobat features, users will be able to sign existing form fields and save form data, he said.
Randolph admits the technology is no silver bullet. Security researcher Billy Rios described a hacking technique in January that bypasses Adobe Flash sandboxing restrictions.
Adobe Reader X, which offers sandbox technology called Protected Mode, has been available since November. Since its release, Adobe has been repairing vulnerabilities, albeit at a slower pace than the standard Adobe Reader, since the added sandboxing restrictions make an exploit more difficult to carry out. Reader’s sandboxing technology is based on Microsoft's Practical Windows Sandboxing technique.
Adobe’s quarterly update, which was issued this week during Microsoft Patch Tuesday, contained a critical update to Adobe Reader, fixing 11 software vulnerabilities. Adobe also issued a mega patch for its Shockwave Player, resolving two dozen vulnerabilities, and repaired a critical flaw in Flash that could cause a crash and allow an attacker to take complete control of a system.