Adobe launches more secure 'sandboxed' Reader X

Technology aims to protect Windows users from PDF-based attacks by isolating system processes, preventing malware from escaping the application

Adobe on Thursday released Reader X, the next version of its popular software that includes a "sandbox" designed to protect users from PDF attacks.

Reader X on Windows features Protected Mode, a technology that isolates system processes, preventing or at least hindering malware from escaping the application to wreak havoc on the computer.

[ InfoWorld's Roger Grimes warns: Don't bury your head in a security sandbox. | Discover what's new in business applications with InfoWorld's Technology: Applications newsletter and Killer Apps blog. ]

The new version is also available for Mac OS X and Android, but those editions lack the sandbox.

Protected Mode is Adobe's response to experts' demands that the company beef up the security of Reader, which is aggressively targeted by attackers. Those hackers frequently exploit unknown and unpatched vulnerabilities, called "zero-days," to infect PCs with malware using rigged PDF documents.

Calling the sandbox a "new advancement" in protective measures, Brad Arkin, Adobe's director of security and privacy, admitted it will not stymie every attack. But he argued it will help.

"Even if exploitable security vulnerabilities are found by an attacker, Adobe Reader Protected Mode will help prevent the attacker from writing files or installing malware on potential victims' computers," Arkin said in a post to a company blog late on Thursday.

Adobe isn't the first to institute sandboxing. Google's Chrome is probably the application best known for using the technology, but Microsoft's Internet Explorer and Office 2010 also offer similar defenses. Today, Arkin again credited both Google and Microsoft for helping Adobe's developers craft Protected Mode.

Protected Mode may take some of the patching pressure off Adobe, which has had to scramble several times this year to fix flaws being used by criminals. Just two days ago, Adobe rolled out patches for a pair of vulnerabilities, one of which had been exploited for at least three weeks.

Tuesday's update was the seventh this year and the sixth time in 2010 that Adobe has either issued an "out-of-band" emergency fix or moved up a regularly-scheduled patch day.

Adobe declined to lay out a timetable today for offering Reader X to existing users. A spokeswoman said only that the company would not initially roll out the new version via Reader's built-in updater.

Last month, however, Arkin told Computerworld that Adobe would urge users of the older Reader 8 to upgrade to Reader X shortly after the latter's launch, but would delay notifying Reader 9 users of the upgrade. "I would like to do both [Reader 8 and Reader 9 update notifications] within the first 12 months of X's release," he said at the time.

Windows and Mac OS X users can manually download Reader X from the Adobe site. Owners of Android-powered smartphones can grab the upgraded app from the Android Market.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

Read more about app security in Computerworld's App Security Topic Center.

This story, "Adobe launches more secure 'sandboxed' Reader X" was originally published by Computerworld .

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies