The function, dubbed ‘Protected Mode’ by Adobe, blocks attempts by infected PDFs to write and execute code. It should also prevent infected files from making registry changes. Future versions will reportedly control read access to prevent attackers from reading confidential data from the file system.
According to Adobe blog, with Adobe Reader Protected Mode enabled (it will be by default), all operations required by Adobe Reader to display the PDF file to the user are run in a very restricted manner inside a confined environment, the “sandbox.” Should Adobe Reader need to perform an action that is not permitted in the sandboxed environment, such as writing to the user’s temporary folder or launching an attachment inside a PDF file using an external application (e.g. Microsoft Word), those requests are funneled through a “broker process,” which has a strict set of policies for what is allowed and disallowed to prevent access to dangerous functionality.
Adobe released version 9.4.1, which fixed more than 19 vulnerabilities a few days ago.
Download Adobe Reader X here.