Adobe launches 'sandboxed' Reader X
Technology aims to protect Windows users from PDF-based attacks
Computerworld - Adobe today released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks.
Reader X on Windows features Protected Mode, a technology that isolates system processes, preventing or at least hindering malware from escaping the application to wreak havoc on the computer.
The new version is also available for Mac OS X and Android, but those editions lack the sandbox.
Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Those hackers frequently exploit unknown and unpatched vulnerabilities, called "zero-days," to infect PCs with malware using rigged PDF documents.
Calling the sandbox a "new advancement" in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help.
"Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers," Arkin said in a post to a company blog late on Thursday.
Adobe isn't the first to institute sandboxing. Google's Chrome is probably the application best known for using the technology, but Microsoft's Internet Explorer and Office 2010 also offer similar defenses. Today, Arkin again credited both Google and Microsoft for helping Adobe's developers craft Protected Mode.
Protected Mode may take some of the patching pressure off Adobe, which has had to scramble several times this year to fix flaws being used by criminals. Just two days ago, Adobe rolled out patches for a pair of vulnerabilities, one of which had been exploited for at least three weeks.
Tuesday's update was the seventh this year and the sixth time in 2010 that Adobe has either issued an "out-of-band" emergency fix or moved up a regularly-scheduled patch day.
Adobe declined to lay out a timetable today for offering Reader X to existing users. A spokeswoman said only that the company would not initially roll out the new version via Reader's built-in updater.
Last month, however, Arkin told Computerworld that Adobe would urge users of the older Reader 8 to upgrade to Reader X shortly after the latter's launch, but would delay notifying Reader 9 users of the upgrade. "I would like to do both [Reader 8 and Reader 9 update notifications] within the first 12 months of X's release," he said at the time.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is email@example.com.
Read more about Application Security in Computerworld's Application Security Topic Center.
- Security, Privacy and Trust in Email Management This white paper discusses a SaaS-based email management solution that delivers the security, continuity and archiving capabilities your organization demands.
- Unifying Secuirty Operations Agile enterprises know that the way to quickly identify and react to threats to the business is to break down operational siloes by...
- Is Your Credit Card Data Safe from Hacks? News of recent credit card hacks has rocked consumer confidence. Even talk of a security breach can bring on a PR firestorm. What...
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Application Security White Papers | Webcasts