Adobe has released the much anticipated new version of its Reader software, Adobe Reader X, which includes the new sandboxing feature meant to prevent exploits against the software from affecting other applications on a PC.
The new version of Reader, one of the more widely deployed applications anywhere, is designed to be a major step forward in security for Adobe customers, many of whom have been critical of the company's recent security track record. The company has been public about its efforts to change that track record and began talking about the upcoming inclusion of a sandbox in Reader several months ago.The sandbox is a way for the Reader application to prevent malicious code from using a vulnerability in the software to jump from Reader to another application or the operating system itself. Adobe officials said that the sandbox in Reader X isn't meant as a panacea, but is one link in a chain of technologies and methods that the company is using to help improve the quality and security of its products.
"Over the last few months, the Adobe Reader engineering team together with the Adobe Secure Software Engineering Team, partners in the software development community such as the Microsoft Office security team and the Chrome team at Google, as well as customers, third-party consultancies in the security community, and other external stakeholders were hard at work to help ensure the sandbox implementation was as robust as possible," Brad Arkin, Adobe's director of product security and privacy, wrote in a blog post on Reader X.
"Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities. Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’ computers."
Sandboxes have become a popular and useful tool for software vendors that are looking for ways to prevent their applications from becoming vectors for larger attacks on users' machines. The most notable example outside of Reader X is Google Chrome, which has included a sandbox feature since 2008. And Microsoft's Internet Explorer has a similar feature in Protected Mode.
Adobe Reader has been a major target for attackers in the last couple of years, and a number of high-profile critical bugs have plagued the application of late. Most recently, Adobe was forced to issue an emergency patch for Reader this week to fix several critical bugs.
Post a Comment