Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks

Summary: The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks

The next major version of Adobe's PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.

The security feature, called "Protected Mode," is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe's security chief Brad Arkin.

In an interview, Arkin said the sandbox is scheduled for release before the end of this year and is based on Microsoft's Practical Windows Sandboxing technique.  The sandbox will be turned on by default and will display all operations in a PDF file in a very restricted manner.


"Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality," Arkin explained.


The first sandbox implementation will isolate all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003.  Arkin believes this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.
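The broker arrangement Arkin describes can be illustrated with a default-deny policy check. This is an added example, not Adobe's code; the temp folder path, the list of launchable attachment types, and the names `Request`, `resolve_in_temp` and `broker_decide` are assumptions made for illustration.

```python
import ntpath
from dataclasses import dataclass

# Assumed policy values; the article does not publish Adobe's actual broker rules.
SANDBOX_TEMP = r"C:\Users\alice\AppData\Local\Temp\reader_sandbox"
LAUNCHABLE = {".doc", ".docx", ".txt"}  # attachment types the broker may pass to an external app

@dataclass(frozen=True)
class Request:
    action: str  # operation the sandboxed renderer asks the broker to perform
    path: str    # target path, supplied by the untrusted process

def resolve_in_temp(path):
    """Return the canonical path if it stays inside SANDBOX_TEMP, else None."""
    root = ntpath.normcase(ntpath.normpath(SANDBOX_TEMP))
    # join() lets an absolute or UNC path replace the root, so those fail the check below.
    full = ntpath.normcase(ntpath.normpath(ntpath.join(root, path)))
    # Compare against root + separator so a sibling like "reader_sandbox_evil" is rejected.
    return full if full.startswith(root + "\\") else None

def broker_decide(req):
    """Default-deny policy check; returns (allowed, reason)."""
    target = resolve_in_temp(req.path)
    if req.action == "write_file":
        if target is None:
            return False, "write outside sandbox temp folder"
        return True, "write inside sandbox temp folder"
    if req.action == "launch_attachment":
        if target is None:
            return False, "attachment not in sandbox temp folder"
        if ntpath.splitext(target)[1] not in LAUNCHABLE:
            return False, "attachment type not on launch allow-list"
        return True, "attachment type on launch allow-list"
    return False, "action not covered by policy"

# Constructed sample requests, as a compromised renderer might send them.
SAMPLES = [
    Request("write_file", "page1.tmp"),
    Request("write_file", r"..\..\outside.dat"),
    Request("write_file", r"C:\Windows\System32\drivers\etc\hosts"),
    Request("launch_attachment", "REPORT.DOCX"),
    Request("launch_attachment", "invoice.exe"),
    Request("write_registry", r"HKCU\Software\Example"),
]

if __name__ == "__main__":
    for req in SAMPLES:
        allowed, reason = broker_decide(req)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {req.action:18} {req.path} ({reason})")
```

A string comparison like this does not see symlinks or junctions, so a production broker would also validate the object it actually opened before acting on it.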

The sandbox will not be backported to older versions of Adobe Reader.

In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information on the user’s computer.

"This will help us protect against most of the attacks we're seeing today. The attacker will end up in a sandbox and will need a second attack to escape to do [dangerous things]," Arkin said.

Arkin made it clear that the sandbox is not guaranteed to be bulletproof. It will not protect users against all types of security attacks, such as phishing, clickjacking, weak cryptography or unauthorized network access.

However, this is a significant defense-in-depth addition that makes it much harder (and more expensive) for an attacker to successfully launch attacks using vulnerabilities in Adobe Reader.



Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
