Adobe Bolsters Security In Reader, Acrobat XI

  /     /     /  
Publicated : 22/11/2024   Category : security


Adobe Bolsters Security In Reader, Acrobat XI


Adobe builds on its sandboxing protections as part of a series of moves to improve security



Adobe Systems made a number of moves to improve security in Adobe Reader and Acrobat with new releases of the applications today.
Building off of the sandboxing protections the company first introduced into its products in 2010, Adobe has taken steps to add another layer of defense to the sandbox in the latest versions of Reader and Acrobat. In the case of Adobe Reader XI, the company has added data theft prevention capabilities by restricting read-only activities to prevent attackers from reading sensitive information on the users computer. The company also has implemented a separate desktop and WinStation in both Reader and Acrobat to block screen-scraping attacks.
This mode effectively introduces a new Protected View in Adobe Reader and enhances the Protected View implementation in Adobe Acrobat even further,
explains Priyank Choudhury
, a security researcher with Adobe Secure Software Engineering Team (ASSET), in reference to the separate desktop and WinStation. Protected View behaves identically for Adobe Reader and Acrobat, whether viewing PDF files in the standalone product or in the browser.
In addition to the enhancements to Adobes sandboxing capabilities, the company also enabled support for Force ASLR (Address Space Layout Randomization) on Windows 7 and Windows 8. According to Adobe, Force ASLR ensures all DLL files loaded by Adobe Reader or Acrobat -- including legacy DLLs without ASLR enabled -- are randomized. The move will make it more difficult for an attacker to exploit vulnerabilities, Choudhury explains.
The company also added the Adobe PDF Whitelisting Framework, which allows administrators to selectively enable advanced functionality, such as JavaScript for specific PDF files, sites, or hosts on both Windows and Mac OS X.
The final piece of the security overhaul is newly added support for Elliptic Curve Cryptography (ECC) for digital signatures. Users can now embed long-term validation information automatically when using certificate signatures and use certificate signatures that support elliptic curve cryptography (ECC)-based credentials, Choudhury blogs.
Over the last year, we have continued to work on adding security capabilities to Adobe Reader and Acrobat, and today [Oct. 17], we are very excited to present Adobe Reader and Acrobat XI with a number of new or enhanced security features, he writes, adding that Adobe is excited about these additional security capabilities in Adobe Reader and Acrobat XI, which mark the latest in our continued endeavor to help protect our customers by providing a safer working environment.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security

▸ Researchers create BlackForest to gather, link threat data. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Adobe Bolsters Security In Reader, Acrobat XI