On Tue, Jul 20, 2010 at 11:11 AM, Larry Seltzer <[email protected]> wrote: > http://blogs.pcmag.com/securitywatch/2010/07/adobe_to_implement_reader_sand.php > > > > Adobe is implementing Windows sandboxing, similar to that in Google Chrome > and Office 2010, in the next major version of Reader. Such sandboxes don’t > eliminate vulnerabilities or exploits, but they run exploit code in a > crippled environment in which it can’t accomplish anything it might want. > Well, almost nothing. > > Personally, I think this will go a long way towards pushing attacks away > from PDF, although it will depend on how quickly they can push their users > onto the new version.
What about their other products, such as Flash and AIR? There's a reason Adobe is the most attacked software [1,2], and its probably because they write the most vulnerable software (or adversaries are looking for a challenge, which seems less intuitive and highly unlikely to me). Jeff [1] "Adobe surpasses Microsoft as favorite hacker’s target" (Jul 2009) http://lastwatchdog.com/adobe-surpasses-microsoft-favorite-hackers-target/ [2] "Adobe predicted as top 2010 hacker target" (Dec 2009) http://www.theregister.co.uk/2009/12/29/security_predictions_2010/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
