Thursday, October 7, 2010

Adobe Details Proposed Reader 'Sandbox' Security

Posted by OurTech Team | Thursday, October 7, 2010 | Category: , , |

sandbox.jpgIf you read enough security vulnerability reports you'll notice some patterns. Often, through some sort of software bug a malicious data file takes control of the program parsing it and uses that program context to do evil things.

Obviously it would be best if no vulnerabilities existed to be exploited, but that's a lot to ask of any large program. Some systemic measures, like ASLR and DEP, attempt to prevent any vulnerabilities from being exploitable, but they often miss things.

Another approach, which Adobe announced in July, was that they would implement a sandbox architecture in Reader for Windows. All the same vulnerabilities affect Acrobat and most of them affect other operating systems, but Reader for Windows was chosen because it's the overwhelming majority of the installed base and therefore the overwhelming majority of the systems attacked. Remove the ability to attack Reader and attackers will look elsewhere.

Currently have 0 Comments:

Leave a Reply