Adobe has upgraded the security capabilities of both Reader and Acrobat with new releases this week, extending the functionality of the sandbox and adding a feature that forces all of the DLLs loaded by the applications to use ASLR, regardless of whether they originally were compiled with ASLR enabled.
The company released Adobe Reader XI and Acrobat XI this week, introducing the new security features, which also include a whitelisting capability and support for a new cryptography feature. But the biggest addition is the change in the way that the sandbox behaves. The sandbox feature was introduced in Reader X and was designed to prevent malware from being able to use a vulnerability in Reader to get to the operating system or other applications on the machine.
Now, the sandbox has been given an additional set of capabilities that are meant to help prevent read-only activities on machines, which can help stop malware from being able to steal users’ personal data.
“To provide an additional layer of defense and strengthen the sandbox protection in Adobe Reader and Acrobat even further, we have implemented a separate desktop and WinStation in Adobe Reader and Acrobat XI, which will block, for instance, screen scraping attacks,” Priyank Choudhury, a security researcher at Adobe, wrote in a blog post.
“This mode effectively introduces a new Protected View in Adobe Reader and enhances the Protected View implementation in Adobe Acrobat even further. Protected View behaves identically for Adobe Reader and Acrobat, whether viewing PDF files in the standalone product or in the browser.”
The other major change to Adobe and Acrobat is the inclusion of Force ASLR, a feature that extends the effectiveness of the ASLR implementation in Acrobat and Reader. ASLR (address space layout randomization) is an exploit mitigation technology that randomizes the locations of memory components to make them less predictable for attackers.
“Adobe Reader and Acrobat leverage platform mitigations such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), etc. In Adobe Reader and Acrobat XI, we have enabled support for Force ASLR on Windows 7 and Windows 8. Force ASLR improves the effectiveness of existing ASLR implementations by ensuring that all DLLs loaded by Adobe Reader or Acrobat XI, including legacy DLLs without ASLR enabled, are randomized. By enabling Force ASLR in Adobe Reader and Acrobat XI, we are making it even more difficult for an attacker to exploit vulnerabilities,” Choudhury said.
