Reader to get sandbox

The next major version release of Adobe Reader is expected to include new technology designed to mitigate attacks against the popular PDF software.

The new security feature, called "Protected Mode", will force all operations that display PDF files to the user to be run inside a highly confined environment, known as a sandbox, in which certain functions are prohibited, Brad Arkin, Adobe's senior director of product security and privacy, said. Prohibited functions inside the sandbox include installing or deleting files, or modifying system information.

As a result, if an exploitable security vulnerability is discovered, the new functionality will help prevent an attacker from being able to write files, change registry keys or install malware on an individual's computer.

The functionality, expected to be enabled in future versions of Reader by default, is based on a technique first described by Microsoft in 2007 and will be similar to already mature sandboxing technologies used in the Google Chrome web browser and Microsoft Office 2010. In its development of the technology, Adobe collaborated with engineers who built Chrome and Office, as well as third-party consultancies and other external stakeholders.

Source: SC Magazine.