Adobe Systems beefed up the security capabilities of its Reader and Acrobat software with a more robust sandbox and new security mitigation features.
Adobe Reader XI and Acrobat XI began shipping this week, according to Adobe. The new versions include a new whitelisting framework, cryptographic capabilities, and a feature that forces all of the DLL files loaded to use ASLR (Address Space Layout Randomization), even if the files were not originally compiled with ASLR enabled. However, the biggest change in Reader and Acrobat XI is in the sandbox.
Adobe enhanced the Protected Mode in Reader XI, adding data theft prevention capabilities, Priyank Choudhury, a security researcher at Adobe, wrote on the Adobe Secure Software Engineering Team blog on Wednesday. The original sandbox in Reader X focused on “write protection” to prevent attackers from installing malware on to the machine or recording user keystrokes. Reader XI now restricts “read-only activities” to prevent attackers from reading sensitive information, Choudhury said.
Adobe originally introduced the sandbox in Reader X to prevent malware from being able to exploit a vulnerability in Reader to piggyback onto the operating system or other applications.
“Since we added sandbox protection to Adobe Reader and Acrobat, we have not seen any exploits in the wild that break out of the Adobe Reader and Acrobat X sandbox,” Choudhury said.
Adobe also added Protected View to Reader, which “implements a separate desktop and WinStation” to provide an additional layer of defense, Scott Gottwals, group product manager of Adobe Reader, wrote Wednesday on the Adobe Reader Blog.
Protected View would block screen scraping attacks, for example, Choudhury said.
The PDF Whitelisting Framework allows administrators to selectively enable JavaScript for specific PDF files, sites or hosts. Adobe also now supports Elliptic Curve Cryptography (ECC) for digital signatures to protect data content.
Adobe also implemented Force ASLR to extend how address space layout randomization is used in Reader and Acrobat. The mitigation technology randomizes the locations of memory components to make them less predictable for attackers to find and exploit. Force ASLR ensures that all DLLs loaded by Adobe Reader or Acrobat XI, including legacy DLLs without ASLR enabled, are randomized, Choudhury said.
“By enabling Force ASLR in Adobe Reader and Acrobat XI, we are making it even more difficult for an attacker to exploit vulnerabilities,” Choudhury said.
More from Fahmida Y. Rashid
- Emissary Panda Hackers Get Selective in Data Heists
- Financial Firms Embrace Cloud With Encryption, Tokenization: Report
- United Airlines Hack Highlights Need for Improved Information Sharing
- CISOs Challenged in C-Suite: Report
- Cyber Attack on Power Grid Could Top $1 Trillion in Damage: Report
- Dyre Malware Gang Targets Spanish Banks
- Ex-employees Have “Easy” Access to Corporate Data: Survey
- Leaked Government Credentials Abundant on Public Web
Latest News
- Many Vulnerabilities Found in PrinterLogic Enterprise Software
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
