Problem solve Get help with specific problems with your technologies, process and projects.

Is sandboxing the answer to Adobe Acrobat, Adobe Reader security woes?

Expert Michael Cobb assesses the impact of sandboxing on Adobe Acrobat and Adobe Reader security. Can enterprises trust Adobe's new security methods?

Adobe has updated its Reader and Acrobat software with several new security features, including more robust sandboxing....

Could you break down the changes that Adobe has made? Will enterprise users still need to take special precautions to use Reader and Acrobat securely?

The release of Adobe Reader XI and Acrobat XI were heralded as a milestone release in terms of security, with both products introducing more restrictive sandboxing and other security features. Sandboxing can be an effective method of blocking the exploitation of previously unidentified security holes. Though sandboxing was present in previous versions of Reader and Acrobat, the new releases introduce a more significant implementation through Protected Mode.

Protected Mode (Enhanced) restricts both read and write activities, not just write, as in the past. Write protection prevents an attacker from writing and executing malicious code on a victim's computer, and the addition of read protection is a data theft prevention control to help protect against attackers seeking to read information from the machine. Adobe Reader Protected View (New) and Adobe Acrobat Protected View (Enhanced) both establish a separate window station and desktop. A window station creates a discrete, securable clipboard and desktop where messages can only be sent between processes that are on the same desktop. This control prevents attacks such as screen-scraping, where one application reads data from the display output of another when a PDF file is opened in either the standalone product or a browser.

Address Space Layout Randomization (ASLR), a memory-based anti-exploitation technology, has also been enabled for both Reader and Acrobat on Windows 7 and 8. This means that all dynamic-link libraries -- including legacy DLLs without ASLR enabled -- loaded by Adobe are less vulnerable to attack. Another new feature is the PDF whitelisting framework, which allows administrators to selectively turn certain features such as JavaScript on or off for specific PDF files, sites or hosts. The vast majority of Adobe Reader exploits make use of JavaScript code embedded into malicious PDF files, so they require JavaScript support to work. Disabling JavaScript may limit the functionality of some PDFs or alter how they appear, but it's a small price to pay for greatly enhanced security.

Adobe products have been frequently exploited over the last few years, so it's good to see that serious efforts are being made to increase Adobe Acrobat and Adobe Reader security. However, a new exploit is already being used to target Adobe Reader through Internet Explorer and Mozilla Firefox. According to researchers from Russian security firm Group-IB, a previously unknown and unpatched vulnerability that bypasses the new sandbox security features has been integrated into a privately modified version of Blackhole, a commercial, Web-based attack toolkit. This new exploit works even if JavaScript support is disabled, but it does fail in Google's Chrome browser due to its additional protection for the Adobe Reader component.

Enterprises should upgrade to the new versions of Reader and Acrobat because they're certainly more secure than previous versions, but since it's not an update, users will have to manually download and install it; the automatic updater will not install new versions. Enterprise users should still exercise caution when using Reader and Acrobat, and administrators should certainly keep up to date with Adobe alerts and patches.

This was last published in March 2013

Dig Deeper on Secure software development

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.