Feeds

Adobe to fortify widely exploited Reader with security sandbox

Like airbags for apps

Top 5 reasons to deploy VMware with Tegile

Under criticism for being the world's most exploited application, Adobe Systems' Reader program will soon include a security design that's intended to thwart malicious attacks against end users.

Borrowing a page from engineers at Microsoft and Google, Adobe is adding the a so-called sandbox feature to Adobe Reader for Windows operating systems. The protected mode will run by default to force the document reader to run in a highly restricted environment that prevents the underlying PC from carrying out sensitive functions. Installing and deleting files, modifying the system registry and launching other programs will no longer be possible under most circumstances.

“The idea is to run the application with lower rights so that even if a bad guy figures out how to take over a process, they can't do much with it,” Brad Arkin, Adobe's senior director of product security and privacy, told El Reg. “The benefit to our customers is it adds another layer of defense so that even if there is a vulnerability that someone is able to exploit, the impact of that attack is diminished.”

Over the past 18 months, Reader users have been repeatedly hammered by hackers pushing attack code that targets unpatched security bugs in the application. In March, Reader edged out Microsoft Word as the most exploited application, according to anti-virus provider F-Secure. Three weeks ago, Adobe pushed out an emergency update to patch at least two vulnerabilities that were being actively attacked in the wild to install malware on end user machines.

The addition of the sandbox architecture can be viewed as similar to adding airbags to a car. It won't purge Reader of bugs, just as airbags aren't intended to prevent accidents. Instead, Adobe hopes the new design will lessen the damage that can result when vulnerabilities are identified. Instead of leading to remote code execution – the holy grail sought by malware purveyors – the bugs would at worst result in a crash of the application.

“We've done everything we can to build the walls of that sandbox as tall as possible,” Arkin said. “We're not sure how the offensive community will react. They may move on to a different product and attack QuickTime instead, or they may look at other applications that are easier to attack. Or they may find clever ways to carry out some type of malicious activity against Reader which are quite different than the attack techniques that they use today.”

Of the dozen or so real-world attacks that have exploited vulnerabilities in versions 8 and 9 of Reader, none of them would have succeeded against the application had it employed the sandbox, Arkin said.

For help, Adobe engineers turned to their counterparts at Microsoft and Google. Microsoft has employed the technology in Office, while Google has it in its Chrome browser. Chrome was the only browser entered into this year's Pwn2Own hacker conference that emerged unscathed, and researchers widely credited the sandbox as the reason why.

Arkin said the sandbox will debut with the next major revision of Reader, which he expects to ship sometime this year. The design will initially block all functions that write to the underlying operating system, a feature that will prevent the remote installation of software on vulnerable machines. Eventually the sandbox will be extended to allow read-only activities, which Arkin said would help prevent more sophisticated attacks such as memory-resident exploits.

Adobe has been working on the new design in earnest for almost a year. In addition to Microsoft and Google, it has also sought help from third-party security consultancies and customers. Adobe has no plans at the moment to deploy a sandbox feature for Reader versions running on Max OS X or Unix.

There are no plans to add a similar feature to Flash Player, the other Adobe application that has come under repeated attack, although users of Windows Vista and Windows 7 have a protected mode for Internet Explorer plugins that includes Flash.

Adobe has more here and here. ®

Remote control for virtualized desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.