[funsec] Adobe to Implement Reader Sandbox

Jeffrey Walton noloader at gmail.com
Wed Jul 21 08:23:22 CDT 2010


On Tue, Jul 20, 2010 at 11:11 AM, Larry Seltzer <larry at larryseltzer.com> wrote:
> http://blogs.pcmag.com/securitywatch/2010/07/adobe_to_implement_reader_sand.php
>
>
>
> Adobe is implementing Windows sandboxing, similar to that in Google Chrome
> and Office 2010, in the next major version of Reader. Such sandboxes don’t
> eliminate vulnerabilities or exploits, but they run exploit code in a
> crippled environment in which it can’t accomplish anything it might want.
> Well, almost nothing.
>
> Personally, I think this will go a long way towards pushing attacks away
> from PDF, although it will depend on how quickly they can push their users
> onto the new version.

What about their other products, such as Flash and AIR?

There's a reason Adobe is the most attacked software [1,2], and its
probably because they write the most vulnerable software (or
adversaries are looking for a challenge, which seems less intuitive
and highly unlikely to me).

Jeff

[1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009)
http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/

[2] "Adobe predicted as top 2010 hacker target" (Dec 2009)
http://www.theregister.co.uk/2009/12/29/security_predictions_2010/



More information about the funsec mailing list