Adobe today announced its new Acrobat X Family of products, which includes Adobe Reader X as well as Acrobat X Suite, Acrobat X Pro, and Acrobat X Standard. In the new release, Adobe is adding an entirely new security strategy by introducing a new “Protected Mode” in Acrobat Reader. Announced this past summer, Protected Mode utilizes “sandboxing” technology based on Microsoft’s “Practical Windows Sandboxing technique ” – a method of isolating the application from the rest of the operating system and tightly controlling its resources.
Protected Mode will be enabled by default and users will need to take action and “approve” certain actions. According to Brad Arkin at Adobe, if Acrobat Reader needs to perform an action that isn’t permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application, the requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality.
Adobe, Microsoft and other third parties have been working closely together on the new sandboxing technology. This past summer, Microsoft and Adobe announced an agreement to collaborate and facilitate advanced information sharing on vulnerabilities via the Microsoft Active Protections Program (MAPP) which Adobe has joined. MAPP is a collaborative effort involving 65 global members that facilitates the sharing of product vulnerabilities with security software providers.
“Adobe Reader Protected Mode represents an exciting new advancement in attack mitigation. Even if an exploitable security vulnerability is found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files, changing registry keys or installing malware on potential victims’ computers,” said Brad Arkin in a blog post when the feature was first announced.
Acrobat X is scheduled to ship within 30 days and Acrobat Reader X will be available online sometime in November.
Brad Arkin talks about the new security features of Adobe Acrobat X Below.