The much-awaited Adobe Reader X was made available today at http://get.adobe.com/reader for OS X and Windows platforms.
Paul Ducklin wrote about the release of Adobe Acrobat X a few days ago and shared his confusion over the way Adobe has managed the release of Reader/Acrobat and his concern at the very large size of the current codebase. The Mac version weighs in at just under 70 megabytes (415MB on disk), while the Windows version is 35 megabytes (105MB on disk).
While more lines of code certainly leave more room for error, Reader X does include Adobe’s latest efforts to thwart attackers through the use of a write-blocking sandbox. This means that when you open a PDF file that may try to exploit a vulnerability in Reader X, the exploit will be unable to write any files to your hard disk, which will help prevent malware from installing itself on your computer.
Although Reader X is available for OS X, the sandbox technology is only implemented on the Windows platform. This doesn’t mean Mac users shouldn’t consider updating to the latest release, but they will not benefit from the enhanced safety provided by the sandbox.
Sandboxing has had a spotty track record. Oracle Java is the best-known implementation of a sandboxed application environment and has been plagued by security flaws. Microsoft Office 2010 and Google Chrome, on the other hand, share a heritage with Adobe’s implementation and have demonstrated improved security over their non-sandboxed counterparts.
Bottom line? If you are an Adobe Reader user or administrator, I recommend rolling out Reader X as a precautionary measure. The next attack against Reader may be right around the corner, and Reader X presents your best defense against malicious PDF files.