Adobe adding sandbox mode to Reader 10

[nsane.forums]

New version due by the end of the year

Adobe's next version of Reader will be out before the end of the year, offering new security features designed to defend against recent attacks on the software.

Brad Arkin, senior director of product security and privacy at Adobe, told V3.co.uk at the RSA Conference Europe that the new security features will be available within three months.

"It will be in the next major version that we release which will be available before the end of the year," he said.

Adobe Reader Protected Mode uses sandboxing technology to limit the potential damage from a hacking attack.

"Even if a bad guy finds a flaw to attack they are stuck in the sandbox. They would need a second level do something interesting," said Arkin.

"This is a proven technology developed by Microsoft, and we can protect customers against vulnerabilities that we don't yet know about by adding this extra layer of defence."

Arkin also claimed that all the attacks against Reader in the past could have been stopped with the sandboxing mode, although he stressed that this does not provide protection against attacks such as phishing.

Arkin explained that 98 per cent of desktop devices run some kind of Adobe program, and that it is unsurprising that the software is targeted so exhaustively by hackers, and that it is essentially "impossible to get perfect code".

Adobe is often criticised for security flaws in its software and frequently releases patches to cover these weak spots. The company released 23 patches last week for its Acrobat and Reader software.

Adobe told V3.co.uk that it will have a specific launch date for Reader 10 before the end of the week.

View: Original Article