In Adobe Reader 10, Adobe added a sandbox mechanism called Protected Mode to isolate write operations. In Adobe Reader 11, the sandbox was expanded to cover read-only operations as well, through a second mechanism called Protected View.
Back in November, security researchers from Russian security firm Group-IB reported that an exploit for Adobe Reader 10 and 11 was being sold on cybercriminal forums for between US$30,000 and $50,000. The exploit's existence was not confirmed by Adobe at the time.
"Before the introduction of the sandbox, Adobe Reader was one of the most targeted third-party applications by cybercriminals," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender, said Wednesday via email. "If this is confirmed, the discovery of a hole in the sandbox will be of crucial importance and will definitely become massively exploited by cybercriminals."
Botezatu believes that bypassing the Adobe Reader sandbox is a difficult task, but he expected this to happen at some point because the large number of Adobe Reader installations makes the product an attractive target for cybercriminals. "No matter how much companies invest in testing, they still can't ensure that their applications are bug-free when deployed on production machines," he said.
Unfortunately, Adobe Reader users don't have many options to protect themselves if a sandbox-bypassing exploit actually exists, except for being extremely careful about which files and links they open, Botezatu said. Users should update their installations as soon as a patch becomes available, he said.