Didier Stevens

Friday 19 November 2010

Quickpost: Adobe Reader X

Filed under: PDF,Quickpost — Didier Stevens @ 18:03

In case you’ve not read Adobe’s announcement: Adobe Reader X is out. Use Adobe’s FTP server if you want to avoid their download manager.

Protected Mode Adobe Reader comes with a sandbox (like Internet Explorer, Microsoft Office 2010, Google Chrome) designed to prevent malware from writing to important system components.

If you’re interested in the design details of the sandbox, I recommend Kyle Randolph’s excellent series of posts.

To benefit the most of Adobe Reader’s sandbox, you need to use a Windows version that supports integrity levels (Windows Vista or later). Windows XP will not offer you this protection.

And don’t become complacent about patching your sandboxed applications. Because if there exists a vulnerability that allows one to escape from a sandboxed application, say in IE7 Adobe Reader X, then one can use this vulnerability to escape from other sandboxes, like IE7 Adobe Reader X, based on the same low integrity level design.

Quickpost info

Blog at WordPress.com.