The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.
The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.
In an interview with Threatpost, Arkin said the sandbox is scheduled for release before the end of this year and is based on Microsoft’s Practical Windows Sandboxing technique. The sandbox will be turned on by default and will display all operations in a PDF file in a very restricted manner.
“Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality,” Arkin explained.
The first sandbox implementation will isolate all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003. Arkin believes this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.
In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information on the user’s computer.
“This will help us protect against most of the attacks we’re seeing today. The attacker will end up in a sandbox and will need a second attack to escape to do [dangerous things].” Arkin said.
The sandbox will not be backported to older versions of Adobe Reader.
Arkin made it clear that sandboxes are not guaranteed bulletproof perfect. It will not protect users against all types of security attacks such as phishing, clickjacking, weak cryptography or unauthorized network access.
However, this is a significant defense-in-depth addition that makes it much harder (and expensive) for an attacker to successfully launch attacks using vulnerabilities in Adobe Reader.