About Time

Adobe has been receiving a ton of flack form the security community recently due to all the holes being exploited in their Reader and Flash applications. Well it appears Adobe is finally sandboxing Reader in the hopes of preventing malicious exploitation of the software.

I’m sure not many people think too much about receiving a PDF. I mean it’s a document that is read-only. Well except for the fact that PDF’s can include JavaScript which is executable by Reader because… it was bad idea gets included into the product day I guess. Hopefully Adobe gets their sandbox working correctly although I’m skeptical looking back at their previous security practices (quarterly update cycles anybody?).