Adobe announces Reader X and Acrobat X editions

Filed Under: Adobe, Vulnerability

Hard at work in the sandbox from redjar's Flickr photostream

Adobe has announced the long-awaited sandboxed versions of their ubiquitous Adobe Reader and Adobe Acrobat applications, now branded as X. Brad Arkin, Adobe's Senior Director of Product Security and Privacy, first spoke with Sophos about Adobe's plans to better secure Reader in a podcast back in August.

Adobe Reader X will be available sometime in November and will implement a virtual sandbox to help isolate it from the operating system. This technique will allow controls to be put in place to prevent Reader X from making unwanted modifications to files, modifying the registry and executing unwanted content.

Sandboxes are by no means foolproof, as we've seen from the large number of vulnerabilities found in Oracle's Java Runtime Environment. In fact, Brian Krebs has pointed out that Java is exploited more successfully than Adobe Reader to compromise PCs through web exploits. In a recent interview with ITPRO magazine, Arkin acknowledged that "Protected Mode," as the sandboxing technology is being branded, is not a silver bullet.

SophosLabs' Paul Baccas recently referenced "The Flying Wallendas" in his Virus Bulletin paper to make the point that always operating with a safety net may encourage laziness. His concern was that Adobe should continue to make progress in securing the product's core and not get too comfortable with the idea that the sandbox will stop future exploits.

Based on Brad Arkin's comments, it appears Adobe is taking Paul's concerns seriously and is just using Protected Mode as an additional safety measure. When Adobe releases Reader X, we will be sure to blog about it. I recommend deploying it on your network to enhance the security of viewing PDF files.

Creative Commons image courtesy of redjar's Flickr photostream.


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.