Sandbox technology, which is used to isolate processes in an application in an effort to minimize risk to the underlying operating system, is proving useful in reducing vulnerabilities, according to IBM.
Adobe embraced sandbox technology over the past year. Its Adobe Reader X program implements a process sandbox for PDF in an effort to reduce the use of Adobe’s technology as an attack vector. McFadden said IBM’s mid-year report shows a correlation between the release and adoption of Reader X and its sandbox, on the one hand, and a decline in Adobe exploits on the other.
He added that Reader X is doing a good job of isolating PDF documents from the base operating system.
“There has been a major decline in the number of vulnerabilities and exploitation in the PDF document format,” Clinton McFadden, senior operations manager for IBM X-Force Research and Development, told eSecurity Planet. “That doesn’t mean there are no more vulnerabilities in PDF; no one has squeezed that rag dry. It’s just that the cost of breaking out of the sandbox and attacking the OS is now just far too expensive.”