Feeds

Adobe to fortify widely exploited Reader with security sandbox

Like airbags for apps

Providing a secure and efficient Helpdesk

Under criticism for being the world's most exploited application, Adobe Systems' Reader program will soon include a security design that's intended to thwart malicious attacks against end users.

Borrowing a page from engineers at Microsoft and Google, Adobe is adding the a so-called sandbox feature to Adobe Reader for Windows operating systems. The protected mode will run by default to force the document reader to run in a highly restricted environment that prevents the underlying PC from carrying out sensitive functions. Installing and deleting files, modifying the system registry and launching other programs will no longer be possible under most circumstances.

“The idea is to run the application with lower rights so that even if a bad guy figures out how to take over a process, they can't do much with it,” Brad Arkin, Adobe's senior director of product security and privacy, told El Reg. “The benefit to our customers is it adds another layer of defense so that even if there is a vulnerability that someone is able to exploit, the impact of that attack is diminished.”

Over the past 18 months, Reader users have been repeatedly hammered by hackers pushing attack code that targets unpatched security bugs in the application. In March, Reader edged out Microsoft Word as the most exploited application, according to anti-virus provider F-Secure. Three weeks ago, Adobe pushed out an emergency update to patch at least two vulnerabilities that were being actively attacked in the wild to install malware on end user machines.

The addition of the sandbox architecture can be viewed as similar to adding airbags to a car. It won't purge Reader of bugs, just as airbags aren't intended to prevent accidents. Instead, Adobe hopes the new design will lessen the damage that can result when vulnerabilities are identified. Instead of leading to remote code execution – the holy grail sought by malware purveyors – the bugs would at worst result in a crash of the application.

“We've done everything we can to build the walls of that sandbox as tall as possible,” Arkin said. “We're not sure how the offensive community will react. They may move on to a different product and attack QuickTime instead, or they may look at other applications that are easier to attack. Or they may find clever ways to carry out some type of malicious activity against Reader which are quite different than the attack techniques that they use today.”

Of the dozen or so real-world attacks that have exploited vulnerabilities in versions 8 and 9 of Reader, none of them would have succeeded against the application had it employed the sandbox, Arkin said.

For help, Adobe engineers turned to their counterparts at Microsoft and Google. Microsoft has employed the technology in Office, while Google has it in its Chrome browser. Chrome was the only browser entered into this year's Pwn2Own hacker conference that emerged unscathed, and researchers widely credited the sandbox as the reason why.

Arkin said the sandbox will debut with the next major revision of Reader, which he expects to ship sometime this year. The design will initially block all functions that write to the underlying operating system, a feature that will prevent the remote installation of software on vulnerable machines. Eventually the sandbox will be extended to allow read-only activities, which Arkin said would help prevent more sophisticated attacks such as memory-resident exploits.

Adobe has been working on the new design in earnest for almost a year. In addition to Microsoft and Google, it has also sought help from third-party security consultancies and customers. Adobe has no plans at the moment to deploy a sandbox feature for Reader versions running on Max OS X or Unix.

There are no plans to add a similar feature to Flash Player, the other Adobe application that has come under repeated attack, although users of Windows Vista and Windows 7 have a protected mode for Internet Explorer plugins that includes Flash.

Adobe has more here and here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.