[funsec] Adobe to Implement Reader Sandbox
noloader at gmail.com
Wed Jul 21 08:23:22 CDT 2010
On Tue, Jul 20, 2010 at 11:11 AM, Larry Seltzer <larry at larryseltzer.com> wrote:
> Adobe is implementing Windows sandboxing, similar to that in Google Chrome
> and Office 2010, in the next major version of Reader. Such sandboxes don’t
> eliminate vulnerabilities or exploits, but they run exploit code in a
> crippled environment in which it can’t accomplish anything it might want.
> Well, almost nothing.
> Personally, I think this will go a long way towards pushing attacks away
> from PDF, although it will depend on how quickly they can push their users
> onto the new version.
What about their other products, such as Flash and AIR?
There's a reason Adobe is the most attacked software [1,2], and its
probably because they write the most vulnerable software (or
adversaries are looking for a challenge, which seems less intuitive
and highly unlikely to me).
 "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009)
 "Adobe predicted as top 2010 hacker target" (Dec 2009)
More information about the funsec