Adobe Reader X Brings Sandboxing with Protected Mode
Adobe recently released Adobe Reader X, the latest incarnation of their PDF viewer software. Over a year after Adobe’s promised ‘security push’ into Reader, and numerous vulnerabilities, exploits and malware, this version finally brings the hotly discussed sandboxing feature.
The sandboxing, or Protected Mode as Adobe call it, would restrict PDFs to an extremely limited running environment. Initially the sandbox will control any write operations attempted by PDFs, to try and prevent malware being written to disk. A later update is expected to bring ‘read’ control as well, to prevent information stealing.
Although this is a good step forward for Adobe Reader, it remains to be seen whether any of their changes will be effective at mitigating vulnerabilities that attempt to read/write directly from memory. It’ll be interesting to see what kinds of vulnerabilities will come out in the coming months.
Either way, Adobe Reader X brings a number of security fixes and improvements, and is thus a recommended update.