funsec mailing list archives
Re: Adobe to Implement Reader Sandbox
From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 21 Jul 2010 09:23:22 -0400
On Tue, Jul 20, 2010 at 11:11 AM, Larry Seltzer <larry () larryseltzer com> wrote:
http://blogs.pcmag.com/securitywatch/2010/07/adobe_to_implement_reader_sand.php Adobe is implementing Windows sandboxing, similar to that in Google Chrome and Office 2010, in the next major version of Reader. Such sandboxes don’t eliminate vulnerabilities or exploits, but they run exploit code in a crippled environment in which it can’t accomplish anything it might want. Well, almost nothing. Personally, I think this will go a long way towards pushing attacks away from PDF, although it will depend on how quickly they can push their users onto the new version.
What about their other products, such as Flash and AIR? There's a reason Adobe is the most attacked software [1,2], and its probably because they write the most vulnerable software (or adversaries are looking for a challenge, which seems less intuitive and highly unlikely to me). Jeff [1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009) http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ [2] "Adobe predicted as top 2010 hacker target" (Dec 2009) http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Adobe to Implement Reader Sandbox Larry Seltzer (Jul 20)
- Re: Adobe to Implement Reader Sandbox Jeffrey Walton (Jul 21)