Monday 22 November 2010

Adobe Reader Protected Mode

Back in July this year, Adobe announced the release of a new security framework which will add a greater level of security to its Reader application. Adobe Reader, which is widely known to be one of the largest threat vectors (if not the largest) in terms of remote exploits, now employs a sandboxing technique to limit an attacker’s ability to run malicious code on the host. Adobe states that the new design has three major effects:

  • All PDF processing such as PDF and image parsing, JavaScript execution, font rendering, and 3D rendering happens in the sandbox.
  • Processes that need to perform some action outside the sandbox boundary must do so through a trusted proxy called a “broker process.”
  • The sandbox creates a new distinction of two security principals: the user principal, which is the context in which the user’s logon session runs, and the PDF principal, which is the isolated process that parses and renders the PDF. This distinction is established by a trust boundary at the process level between the sandbox process and the rest of the user’s logon session and the operating system.
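
The broker pattern in the list above can be modelled in a few lines. This is an added example, not Adobe's code: the `Broker` class, the `read`/`write` operation names and the single allowed directory are assumptions made for illustration. It shows the property that matters at the trust boundary, namely that the broker treats every request from the PDF principal as untrusted and authorises the resolved path rather than the string it was given.

```python
import os
import tempfile

# Constructed policy for illustration; Adobe's actual broker policy is not on this page.
ALLOWED_OPS = {"read", "write"}

class Broker:
    """Runs as the user principal and serves requests from the PDF principal."""

    def __init__(self, allowed_root):
        # Canonicalise once so every later check compares real locations.
        self.root = os.path.realpath(allowed_root)

    def _authorise(self, op, path):
        if op not in ALLOWED_OPS:
            return None
        try:
            # Resolve ".." and symlinks first, so the check applies to the
            # file that would actually be opened.
            real = os.path.realpath(os.path.join(self.root, path))
            inside = os.path.commonpath([self.root, real]) == self.root
        except (OSError, ValueError):
            return None
        return real if inside else None

    def handle(self, request):
        """Treat `request` as untrusted input crossing the trust boundary."""
        op, path, data = request.get("op"), request.get("path"), request.get("data", b"")
        if not (isinstance(op, str) and isinstance(path, str) and isinstance(data, bytes)):
            return {"ok": False, "error": "malformed"}
        real = self._authorise(op, path)
        if real is None:
            return {"ok": False, "error": "denied"}
        try:
            if op == "write":
                with open(real, "wb") as fh:
                    fh.write(data)
                return {"ok": True}
            with open(real, "rb") as fh:
                return {"ok": True, "data": fh.read()}
        except OSError:
            return {"ok": False, "error": "io"}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        broker = Broker(root)
        for req in ({"op": "write", "path": "page.tmp", "data": b"ok"},
                    {"op": "read", "path": "../outside.txt"}, {"op": "exec", "path": "page.tmp"}):
            print(req["op"], req["path"], "->", broker.handle(req))
```

In this model the sandboxed renderer would hold no file handles of its own and could only send request dictionaries to `handle`; a compromise of the renderer is then limited to what the broker's policy permits.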


For more detailed information on this, Adobe has started a blog thread pertaining to this new approach, which can be found here.

2 comments:

  1. Following on from this post, it appears that Adobe X is not compatible with quite a few AV Vendors, including SEP when NTP is enabled. http://kb2.adobe.com/cps/860/cpsid_86063.html#main_antivirus

  2. Link to SEP post on Symantec connect.

    http://www.symantec.com/connect/forums/adobe-reader-x-does-not-start-protected-mode-when-ntp-enabled
