June 19, 2021

Adobe Reader X with Windows Sandbox

Adobe Systems has added a new security layer to Windows versions of its document reader, Adobe Reader X by implementing Sandbox function.

The function, dubbed ‘Protected Mode’ by Adobe, blocks attempts by infected PDFs to write and execute code. It should also prevent infected files from making registry changes. Future versions will reportedly control read access to prevent attackers from reading confidential data from the file system.

According to Adobe blog, with Adobe Reader Protected Mode enabled (it will be by default), all operations required by Adobe Reader to display the PDF file to the user are run in a very restricted manner inside a confined environment, the “sandbox.” Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality.

Adobe released version 9.4.1, which fixed more than 19 vulnerabilities a few days ago.

Download Adobe Reader X here.

Unscheduled Security Update for Adobe Reader and Acrobat

The unscheduled security update for Adobe Reader and Acrobat to fixes more than 18 security holes. Here is the release note from Adobe Security Bulletin:

Critical vulnerabilities have been identified in Adobe Reader 9.4 (and earlier versions) for Windows, Macintosh and UNIX, and Adobe Acrobat 9.4 (and earlier 9.x versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

In addition to addressing CVE-2010-3654 noted in Security Advisory APSA10-05 and CVE-2010-4091 referenced in the Adobe PSIRT blog (“Potential issue in Adobe Reader“), these updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-26.

[ad code=6 align=left]

Adobe recommends users of Adobe Reader 9.4 and earlier versions for Windows and Macintosh update to Adobe Reader 9.4.1, available now. Adobe recommends users of Adobe Reader 9.4 and earlier versions for UNIX update to Adobe Reader 9.4.1, expected to be available on November 30, 2010. Adobe recommends users of Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh update to Adobe Acrobat 9.4.1.

Note that these updates represent an out-of-cycle release. The next quarterly security updates for Adobe Reader and Acrobat are scheduled for February 8, 2011.

Please visit Adobe Security Bulletins for more information about this update.

Source:[Adobe Security Bulletins]