Security Experts:

Adobe Strengthens Sandbox Security in Reader, Acrobat

Adobe Systems beefed up the security capabilities of its Reader and Acrobat software with a more robust sandbox and new security mitigation features.

Adobe Reader XI and Acrobat XI began shipping this week, according to Adobe. The new versions include a new whitelisting framework, cryptographic capabilities, and a feature that forces all of the DLL files loaded to use ASLR (Address Space Layout Randomization), even if the files were not originally compiled with ASLR enabled. However, the biggest change in Reader and Acrobat XI is in the sandbox.

Adobe enhanced the Protected Mode in Reader XI, adding data theft prevention capabilities, Priyank Choudhury, a security researcher at Adobe, wrote on the Adobe Secure Software Engineering Team blog on Wednesday. The original sandbox in Reader X focused on "write protection" to prevent attackers from installing malware on to the machine or recording user keystrokes. Reader XI now restricts "read-only activities" to prevent attackers from reading sensitive information, Choudhury said.

Adobe originally introduced the sandbox in Reader X to prevent malware from being able to exploit a vulnerability in Reader to piggyback onto the operating system or other applications.

"Since we added sandbox protection to Adobe Reader and Acrobat, we have not seen any exploits in the wild that break out of the Adobe Reader and Acrobat X sandbox," Choudhury said.

Adobe also added Protected View to Reader, which "implements a separate desktop and WinStation" to provide an additional layer of defense, Scott Gottwals, group product manager of Adobe Reader, wrote Wednesday on the Adobe Reader Blog.

Protected View would block screen scraping attacks, for example, Choudhury said.

The PDF Whitelisting Framework allows administrators to selectively enable JavaScript for specific PDF files, sites or hosts. Adobe also now supports Elliptic Curve Cryptography (ECC) for digital signatures to protect data content.

Adobe also implemented Force ASLR to extend how address space layout randomization is used in Reader and Acrobat. The mitigation technology randomizes the locations of memory components to make them less predictable for attackers to find and exploit. Force ASLR ensures that all DLLs loaded by Adobe Reader or Acrobat XI, including legacy DLLs without ASLR enabled, are randomized, Choudhury said.

"By enabling Force ASLR in Adobe Reader and Acrobat XI, we are making it even more difficult for an attacker to exploit vulnerabilities," Choudhury said.

Fahmida Y. Rashid is a contributing writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.