Adobe beefs up PDF Reader security with sandbox

Adobe has announced its PDF document reader software for Windows is to include sandbox security from the next major release.

The protected mode in Adobe Reader has been built with input from across the software industry, said Brad Arkin, senior director of product security and privacy at Adobe.

"We have had input from the Microsoft Office security team, the Chrome team at Google, other members of the security community and customers," he told Computer Weekly.

Adobe software engineers also used input from customers and other stakeholders to build in an additional layer of security based on mature sandboxing technology used by Microsoft and Google.

"Our goal is to bring every available resource to bear, to make this implementation as robust as possible against potential attack," said Arkin.

The protected mode will be enabled by default and will block the application from carrying out functions such as installing or deleting files and modifying system information.

"Any malicious code in PDF files will be contained within the Adobe Reader sandbox and prevent its installation on the user's system," said Arkin.

All PDF processing, including JavaScript execution, happens in the sandbox and is confined to its limits with no access to computer files, registry or processes and without browser dependency.

"If an attacker exploits any vulnerability in any of that code base, it still remains inside the sandbox, which makes it harder to carry out an attack even if they find a vulnerability," said Arkin.

Any legitimate action not permitted in the sandboxed environment, such as saving a file, is channelled through a broker process that is governed by strict policies that will prevent access to dangerous functionality.

"To be successful, an attacker would have to carry out a two-stage attack that would not only exploit something in Reader, but would then also need to get around the broker process," said Arkin.

Protected mode is invisible to the user and will not affect the performance of the application, but will eliminate many of the common attack methods being used against Adobe Reader, he said.

This includes any type of memory trespass attack that would allow the attacker to take control of a process, said Arkin.

It is not a silver bullet to protect against all types of security attacks such as phishing, clickjacking and unauthorised network access, he said.

"But, we believe this sandbox technology provides robust defence against the vast majority of the different exploits and attacks we see in the wild today," he said.

Adobe Reader protected mode will work with all current versions of the Microsoft Windows operating system and will not interrupt the workflows of users.

The only known exception, said Arkin, is assistive technologies such as screen readers for visually impaired users in Windows XP. In such cases, protected mode will have to be disabled.

The first release of Adobe Reader with protected mode will sandbox all "write" calls to mitigate risk of exploits seeking to install malware or change computer file systems.

In future releases, Adobe plans to extend the sandbox functionality to include "read-only" and "read" activities to protect against attackers seeking to read information on targeted computers.
