Adobe Reader X With Protected Mode Due in November

ID THREATPOST:D50636F08439136E5A89522BD164CCB4
Type threatpost
Reporter Dennis Fisher
Modified 2018-08-15T10:19:53


Adobe will finally release the new version of its Reader software–which will include the much-anticipated Protected Mode security feature–next month. Adobe Reader X will include a number of other new features in addition to the sandbox feature.

Adobe officials have been discussing Protected Mode for several months now and said early on that it would be included in the next version of Reader, but had never set a timeline for the release of Reader X. Now, the company says that the new version will be available in November, although no specific date was announced.

Protected Mode in Reader X is Adobe’s implementation of the sandbox security technology, which is meant to prevent a vulnerability in Reader from affecting other applications running on the machines. Many attackers have been focusing on Reader and other Adobe products in the last or two as a key way to compromise large numbers of machines in short order.

Reader is one of the more widely deployed pieces of software in the world and Adobe and its security team have been under intense criticism recently for the number and severity of vulnerabilities present in the last few releases of Reader in particular.

[See: A Chat With Adobe’s Brad Arkin]

The sandbox technology works by essentially preventing malicious code that is used to exploit a bug in Reader from allowing an attacker to break out of the application and gain access to other apps or the operating system. Reader Protected Mode will employ an intermediary process called the “broker process” that will dictate what actions Reader is allowed to take with other applications or with the OS. This is meant to stop attackers from using Reader as a jumping-off point for further attacks on the PC.

“With Adobe Reader Protected Mode enabled (it will be by default), all
operations required by Adobe Reader to display the PDF file to the user
are run in a very restricted manner inside a confined environment, the ‘sandbox.’ Should Adobe Reader need to perform an action that is not
permitted in the sandboxed environment, such as writing to the user’s
temporary folder or launching an attachment inside a PDF file using an
external application (e.g. Microsoft Word), those requests are funneled
through a ‘broker process,’ which has a strict set of policies for what
is allowed and disallowed to prevent access to dangerous functionality,” Brad Arkin, director of product security and privacy at Adobe said in a blog post earlier this year.

“The initial release of Adobe Reader Protected Mode will be the first
phase in the implementation of the sandboxing technology. This first
release will sandbox all “write” calls on Windows 7, Windows Vista,
Windows XP, Windows Server 2008, and Windows Server 2003. This will
mitigate the risk of exploits seeking to install malware on the user’s
computer or otherwise change the computer’s file system or registry. In
future releases of Adobe Reader, we plan to extend the sandbox to
include read-only activities to protect against attackers seeking to
read sensitive information on the user’s computer.”

There has been a string of serious bugs discovered in Adobe Reader in 2010, many of which have been targeted by attackers, who have found success in emailing malicious PDFs to unsuspecting users.