Adobe Reader X sandbox leaves 'residual risk'

Summary:Adobe's implementation of a new sandbox (Protected Mode) in the newest version of its PDF Reader software leaves significant "residual risk" for cyber-attackers to exploit.

Even as Adobe is touting the new sandbox (Protected Mode) in the newest version of its PDF Reader software, a security researcher says the company's implementation leaves significant "residual risk" for cyber-attackers to exploit.

According to Chris Greamo, a researcher at Invincea, the Adobe Reader X sandbox is definitely a step in the right direction but he argues that the implementation will not prevent attacks from accessing sensitive parts of a hijacked computer.

follow Ryan Naraine on twitter

[The] devil is in the design and implementation.  Protected Mode is a surgical sandbox implementation targeting really the most egregious vulnerabilities in a few core components, namely Reader’s renderer and its Javascript engine. Protected Mode will improve the security of Reader against certain types of attacks – those attacks that exploit the rendering engine and attempt to either install malware or monitor user keystrokes. Adobe engineers themselves enumerate Protected Mode limitations, including:

    • Protected Mode will not prevent unauthorized read access to the file system or registry.
    • Protected Mode will not restrict network access.
    • Protected Mode will not prevent reading or writing to the clip board.

Adobe adding 'sandbox' to PDF Reader to ward off hacker attacks ]

Greamo said these limitations will allow attackers that exploit these “protected” components to stay resident in memory and perform damaging activities such as:
  • Read and exfiltrate data from the registry and/or user’s file system
  • Attack other machines and devices on the network
  • Use Reader as a stepping stone to execute other exploits against the host system including exploits against kernel services

The sandbox, included in Adobe Reader X, is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode.  Based on Microsoft’s Practical Windows Sandboxing technique, it is turned on by default and displays all operations in a PDF file in a very restricted manner.

The first sandbox implementation isolates all “write” calls on Windows 7, Windows Vista, Windows XP, Windows Server 2008, and Windows Server 2003.  Adobe argues that this will mitigate the risk of exploits seeking to install malware on the user’s computer or otherwise change the computer’s file system or registry.  In a future dot-release, the company plans to extend the sandbox to include read-only activities to protect against attackers seeking to read sensitive information on the user’s computer.

Invincea's Greamo believes the residual exposures left by Adobe’s Protected Mode are "significant" and can only be addressed by a more comprehensive solution that confines attacks against all Reader components, the shared libraries it uses, the kernel, and the network.

"With the release of Adobe Reader X, expect to see new vulnerabilities presented by this additional code to be discovered and exploited by the BlackHat community," he added.

Topics: Enterprise Software, CXO, Security, Windows


Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.