Hey, this is a heads up. If you're like me and read PDFs on your computer ever, read on. Adobe has released a new version of their Adobe Reader which includes a sandbox. No that doesn't mean it has an open world you can run around and do sh!t in :P
Rather, this sandbox means it's walled from viral infection. As I'm sure many of you know, PDFs have been a primary infection vector in the last several years. A rogue website or rogue ad will invisibly open a PDF on your browser and infect you via active-X scripting abilities of the reader.
This was a major problem because Adobe Reader left activeX enabled by default. And it wasn't just Adobe, many other PDF readers had the same vulnerability.
Well, Adobe is finally addressing the problem. Adobe Reader X
limits its access to your system via a sandbox, preventing infection. At last.
I suggest you install it.
Now, ARX isn't exactly new, but what is new is that Adobe is now working on a sandboxed version of its flash player! Finally!
Flash Player sandboxing is coming to Firefox
Today, Adobe has launched a public beta of our new Flash Player sandbox (aka “Protected Mode”) for the Firefox browser.
The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach. Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7.
We would like to thank the Mozilla team for assisting us with some of the more challenging browser integration bugs. For Flash Player, this is the next evolutionary step in protecting our customers.
Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits. For example, since its launch in November 2010, we have not seen a single successful exploit in the wild against Adobe Reader X. We hope to see similar results with the Flash Player sandbox for Firefox once the final version is released later this year.
In the meantime, please help us get these protections out to end-users as fast as possible by volunteering to download our beta and help test. Information on known bugs, configuration options and other information can be found on Adobe Labs in the “Getting Started” section.