Adobe launches 'sandboxed' Reader X
Technology aims to protect Windows users from PDF-based attacks
Computerworld - Adobe today released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks.
Reader X on Windows features Protected Mode, a technology that isolates system processes, preventing or at least hindering malware from escaping the application to wreak havoc on the computer.
The new version is also available for Mac OS X and Android, but those editions lack the sandbox.
Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Those hackers frequently exploit unknown and unpatched vulnerabilities, called "zero-days," to infect PCs with malware using rigged PDF documents.
Calling the sandbox a "new advancement" in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help.
"Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers," Arkin said in a post to a company blog late on Thursday.
Adobe isn't the first to institute sandboxing. Google's Chrome is probably the application best known for using the technology, but Microsoft's Internet Explorer and Office 2010 also offer similar defenses. Today, Arkin again credited both Google and Microsoft for helping Adobe's developers craft Protected Mode.
Protected Mode may take some of the patching pressure off Adobe, which has had to scramble several times this year to fix flaws being used by criminals. Just two days ago, Adobe rolled out patches for a pair of vulnerabilities, one of which had been exploited for at least three weeks.
Tuesday's update was the seventh this year and the sixth time in 2010 that Adobe has either issued an "out-of-band" emergency fix or moved up a regularly-scheduled patch day.
Adobe declined to lay out a timetable today for offering Reader X to existing users. A spokeswoman said only that the company would not initially roll out the new version via Reader's built-in updater.
Last month, however, Arkin told Computerworld that Adobe would urge users of the older Reader 8 to upgrade to Reader X shortly after the latter's launch, but would delay notifying Reader 9 users of the upgrade. "I would like to do both [Reader 8 and Reader 9 update notifications] within the first 12 months of X's release," he said at the time.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Application Security in Computerworld's Application Security Topic Center.
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- Gartner Magic Quadrant for Application Security The market for application security testing is changing rapidly. Technology trends, such as mobile applications, advanced Web applications and dynamic languages, are forcing...
- Five Steps to Achieve Success in your Application Security Program This white paper provides a general framework your organization can use to create or build upon an application security program. It includes guidelines...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Application Security White Papers | Webcasts