Feeds

Adobe to fortify widely exploited Reader with security sandbox

Like airbags for apps

Next gen security for virtualised datacentres

Under criticism for being the world's most exploited application, Adobe Systems' Reader program will soon include a security design that's intended to thwart malicious attacks against end users.

Borrowing a page from engineers at Microsoft and Google, Adobe is adding the a so-called sandbox feature to Adobe Reader for Windows operating systems. The protected mode will run by default to force the document reader to run in a highly restricted environment that prevents the underlying PC from carrying out sensitive functions. Installing and deleting files, modifying the system registry and launching other programs will no longer be possible under most circumstances.

“The idea is to run the application with lower rights so that even if a bad guy figures out how to take over a process, they can't do much with it,” Brad Arkin, Adobe's senior director of product security and privacy, told El Reg. “The benefit to our customers is it adds another layer of defense so that even if there is a vulnerability that someone is able to exploit, the impact of that attack is diminished.”

Over the past 18 months, Reader users have been repeatedly hammered by hackers pushing attack code that targets unpatched security bugs in the application. In March, Reader edged out Microsoft Word as the most exploited application, according to anti-virus provider F-Secure. Three weeks ago, Adobe pushed out an emergency update to patch at least two vulnerabilities that were being actively attacked in the wild to install malware on end user machines.

The addition of the sandbox architecture can be viewed as similar to adding airbags to a car. It won't purge Reader of bugs, just as airbags aren't intended to prevent accidents. Instead, Adobe hopes the new design will lessen the damage that can result when vulnerabilities are identified. Instead of leading to remote code execution – the holy grail sought by malware purveyors – the bugs would at worst result in a crash of the application.

“We've done everything we can to build the walls of that sandbox as tall as possible,” Arkin said. “We're not sure how the offensive community will react. They may move on to a different product and attack QuickTime instead, or they may look at other applications that are easier to attack. Or they may find clever ways to carry out some type of malicious activity against Reader which are quite different than the attack techniques that they use today.”

Of the dozen or so real-world attacks that have exploited vulnerabilities in versions 8 and 9 of Reader, none of them would have succeeded against the application had it employed the sandbox, Arkin said.

For help, Adobe engineers turned to their counterparts at Microsoft and Google. Microsoft has employed the technology in Office, while Google has it in its Chrome browser. Chrome was the only browser entered into this year's Pwn2Own hacker conference that emerged unscathed, and researchers widely credited the sandbox as the reason why.

Arkin said the sandbox will debut with the next major revision of Reader, which he expects to ship sometime this year. The design will initially block all functions that write to the underlying operating system, a feature that will prevent the remote installation of software on vulnerable machines. Eventually the sandbox will be extended to allow read-only activities, which Arkin said would help prevent more sophisticated attacks such as memory-resident exploits.

Adobe has been working on the new design in earnest for almost a year. In addition to Microsoft and Google, it has also sought help from third-party security consultancies and customers. Adobe has no plans at the moment to deploy a sandbox feature for Reader versions running on Max OS X or Unix.

There are no plans to add a similar feature to Flash Player, the other Adobe application that has come under repeated attack, although users of Windows Vista and Windows 7 have a protected mode for Internet Explorer plugins that includes Flash.

Adobe has more here and here. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.