Adobe Reader to block attacks with sandbox feature

Jos

For years, Adobe's ubiquitous Reader software has been one of the major targets of hackers looking to run malicious code on Windows operating systems. This -- combined with a habit of lagging in patching known vulnerabilities -- has earned the company a poor reputation when it comes to keeping its users safe. However, Adobe is hoping to change that impression by adding a "Protected Mode" to the next release of Reader that will isolate code from other parts of the computer.

The feature will be enabled by default and essentially what it does is ensure that all operations required to process a PDF file, including JavaScript execution, 3D rendering, and image parsing, are run in a restricted manner inside a sandbox. Code in this sandbox cannot write to the file system or the registry, for example. So while the approach doesn't stop vulnerabilities from being found or exploited, it limits their severity by restricting what they can do.

According to a post on Adobe's ASSET Blog, "Protected Mode" is based on Microsoft's Practical Windows Sandboxing Technique. The company has been working closely with members of the Microsoft Office security team, Nicolas Sylvain and the Chrome team at Google, as well as third-party consultancies and other external stakeholders.

This first release will sandbox all "write" calls, mitigating the risk of exploits that seek to install malware on users' computers. In future releases of Adobe Reader, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information from the user's computer.

 
Good to see more people taking this idea and using it. Should be interesting to see how long before someone finds a way to bypass the "protected" environment.
 
Not sure how well it will work, but I have to give Adobe credit for the first time in a long time for at least taking steps towards fixing a very plagued system.
 