Adobe has released the much-anticipated new version of its Reader software, Adobe Reader X, which includes the new sandboxing feature meant to prevent exploits against the software from affecting other applications on a PC.
The new version of Reader, one of the more widely deployed applications anywhere, is designed to be a major step forward in security for Adobe customers, many of whom have been critical of the company’s recent security track record. The company has been public about its efforts to change that track record and began talking about the upcoming inclusion of a sandbox in Reader several months ago. The sandbox is a way for the Reader application to prevent malicious code from using a vulnerability in the software to jump from Reader to another application or the operating system itself.
Adobe officials said that the sandbox in Reader X isn’t meant as a panacea, but is one link in a chain of technologies and methods that the company is using to help improve the quality and security of its products.
“Over the last few months, the Adobe Reader engineering team together with the Adobe Secure Software Engineering Team, partners in the software development community such as the Microsoft Office security team and the Chrome team at Google, as well as customers, third-party consultancies in the security community, and other external stakeholders were hard at work to help ensure the sandbox implementation was as robust as possible,” Brad Arkin, Adobe’s director of product security and privacy, wrote in a blog post on Reader X.
“Adobe’s product security initiatives are focused on reducing both the frequency and the impact of security vulnerabilities. Adobe Reader Protected Mode represents an exciting new advancement in mitigating the impact of attempted attacks. While sandboxing is not a security silver bullet, it provides a strong additional level of defense against attacks. Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims’
Sandboxes have become a popular and useful tool for software vendors that are looking for ways to prevent their applications from becoming vectors for larger attacks on users’ machines. The most notable example outside of Reader X is Google Chrome, which has included a sandbox feature since 2008. And Microsoft’s Internet Explorer has a similar feature in Protected Mode.
Adobe Reader has been a major target for attackers in the last couple of years, and a number of high-profile critical bugs have plagued the application of late. Most recently, Adobe was forced to issue an emergency patch for Reader this week to fix several critical bugs.