Adobe PDF Reader Rewrite To Include Sandbox Feature

Use Netsparker


A lot of people have complained about the lack of security in Adobe PDF related products and the fact that the very architecture is insecure. There have been a whole spate of PDF related exploits and vulnerabilities lately – some of them being very serious.

It’s good to see Adobe is taking this matter seriously and rather than just issuing patch after patch (firefighting) they are trying to do something fundamentally different with their PDF reader software to fix the root cause.

Now I’m not saying this will solve all the PDF related problems, but it’s good to see them doing a ground up rebuild and implementing safety features like sandboxing.

Adobe has offered more details of the ‘sandbox’ security feature it plans to implement to secure its hugely popular but often-attacked PDF Reader software. First announced last July, the latest description put out by Adobe’s security development team makes clear that Reader’s new ‘protected mode’ will be no mere bolt-on. This is starting to look like a ground-up re-design of how the program operates, almost from scratch.

The new Reader design will see core and risky PDF functions such as font rendering, Javascript execution, 3D rendering and image parsing happen within the confines of the application itself, isolating these from the privileges of the operating system.

This effectively relegates Reader to a new rung of privilege below that if the system user, which stops the application simply accessing key parts of the OS such as the Registry or file system as it likes. Instead all such calls will have to go through a trusted broker process if they want to communicate beyond the sandbox.

It’s a good model though and similar to what Google have done with the Chrome browser.

Separating the ‘dangerous’ parts from the parts that have access to the underlying OS is extremely important, JavaScript execution of course being the main culprit. But other exploits have focused on font and image rendering so they need to be kept away too.


The new design won’t stop exploits targeting Reader but they will limit what can be done from within its confines. At the moment, that is more or less anything the attacker wants, including being able to take over the system.

“The challenge is to enable sandboxing while keeping user workflows functional without turning off features users depend on,” says Adobe’s blog.

As the developers admit, the potential hole in security is always the operating system itself, which can still be compromised, although exploiting such vulnerabilities is as easy as it easy a few years back. Microsoft’s software development lifecycle (SDL) has tightened up code security. The first version sandbox will also not protect against read access to the file system (which allows data theft) or registry, or restricting network access, but future versions will look at this aspect of security.

Adding defence mechanism to specific applications other than browsers is an unusual approach to application design, but Reader’s security troubles have gone beyond that of most applications.

They have a pretty tough challenge on their hands as we know the more security you implement the less usability you have. So they have a precarious balance between retaining features which users require and limiting the amount of damage the software can do to the OS.

But it’s certainly a step in the right direction and as stated above, it certainly wont prevent there being any more exploits in Adobe’s PDF Reader – but it will limit the damage any future exploits can cause.

Source: Network World

Posted in: Countermeasures, Exploits/Vulnerabilities

, , , , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.