Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?


Endpoint Security

Adobe Strengthens Sandbox Security in Reader, Acrobat

Adobe Systems beefed up the security capabilities of its Reader and Acrobat software with a more robust sandbox and new security mitigation features.

Adobe Systems beefed up the security capabilities of its Reader and Acrobat software with a more robust sandbox and new security mitigation features.

Adobe Reader XI and Acrobat XI began shipping this week, according to Adobe. The new versions include a new whitelisting framework, cryptographic capabilities, and a feature that forces all of the DLL files loaded to use ASLR (Address Space Layout Randomization), even if the files were not originally compiled with ASLR enabled. However, the biggest change in Reader and Acrobat XI is in the sandbox.

Adobe enhanced the Protected Mode in Reader XI, adding data theft prevention capabilities, Priyank Choudhury, a security researcher at Adobe, wrote on the Adobe Secure Software Engineering Team blog on Wednesday. The original sandbox in Reader X focused on “write protection” to prevent attackers from installing malware on to the machine or recording user keystrokes. Reader XI now restricts “read-only activities” to prevent attackers from reading sensitive information, Choudhury said.

Adobe originally introduced the sandbox in Reader X to prevent malware from being able to exploit a vulnerability in Reader to piggyback onto the operating system or other applications.

“Since we added sandbox protection to Adobe Reader and Acrobat, we have not seen any exploits in the wild that break out of the Adobe Reader and Acrobat X sandbox,” Choudhury said.

Adobe also added Protected View to Reader, which “implements a separate desktop and WinStation” to provide an additional layer of defense, Scott Gottwals, group product manager of Adobe Reader, wrote Wednesday on the Adobe Reader Blog.

Protected View would block screen scraping attacks, for example, Choudhury said.

Advertisement. Scroll to continue reading.

The PDF Whitelisting Framework allows administrators to selectively enable JavaScript for specific PDF files, sites or hosts. Adobe also now supports Elliptic Curve Cryptography (ECC) for digital signatures to protect data content.

Adobe also implemented Force ASLR to extend how address space layout randomization is used in Reader and Acrobat. The mitigation technology randomizes the locations of memory components to make them less predictable for attackers to find and exploit. Force ASLR ensures that all DLLs loaded by Adobe Reader or Acrobat XI, including legacy DLLs without ASLR enabled, are randomized, Choudhury said.

“By enabling Force ASLR in Adobe Reader and Acrobat XI, we are making it even more difficult for an attacker to exploit vulnerabilities,” Choudhury said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.