People around the world rely on Adobe® Acrobat® and Adobe Reader® software to create, view, and share all types of documents. Adobe understands the challenges IT organizations face in maintaining the integrity of networked systems and mitigating the risk of exposing critical data in an environment where the threat landscape is constantly changing.
Application security highlights
The Acrobat X Family of products delivers better application security on all platforms as a result of continuing code hardening work, additional administration capabilities that provide more granular control over the execution of JavaScript, tighter integration with the Microsoft® Windows® security architecture, and other best practices in secure software development, following the Adobe Secure Product Lifecycle (SPLC) methodology.
Find technical guides and resources in our Application Security Library for Acrobat and Reader
Protected Mode in Adobe Reader
Available as part of the free Adobe Reader X PDF viewer, Protected Mode limits the level of access to your system for all PDF files, safeguarding Windows desktops from malicious code that tries to write to the computer's file system, delete files, or otherwise modify system information. Protected Mode is enabled by default whenever you launch Reader, reducing the risk of potential security threats on client systems via persistent malware.
Protected View in Adobe Acrobat
Available in the latest update of Acrobat X, Protected View opens a PDF file in a read-only, sandboxed environment until you determine that the document is safe. This added protection measure is simple to use, working like the Protected View feature in Microsoft Office 2010. You can set Protected View as the default mode for opening files from potentially unsafe locations or as the default mode for opening all files by modifying the Enhanced Security Preferences in Acrobat X.
Always-on operating system security
Providing an additional layer of defense against attacks that attempt to control desktop systems or corrupt memory, Acrobat and Reader take advantage of built-in, always-on security protections in Windows and Mac OS.
- Data Execution Prevention prevents placement of data or dangerous code into memory locations that are defined as "protected" by the operating system. Apple offers similar executables protection for Mac OS X v10.6 in the 64-bit Safari browser.
- Address Space Layout Randomization hides memory and page file locations of system components, making it difficult for attackers to find and target those components. Both Windows and Mac OS X v10.6 use this feature.
JavaScript execution
The Acrobat X Family now offers sophisticated and granular controls for managing JavaScript execution for both Windows and Mac OS machines. This flexible approach allows JavaScript to be used as a part of business workflows, while helping to protect users and systems. IT administrators can use these controls to:
- Turn the JavaScript engine on or off
- Enable or disable JavaScript-invoked URLs
- Disable specific JavaScript APIs using the Adobe JavaScript Blacklist Framework
- Control the execution of high-privileged JavaScript, independently of other permissions
All these restrictions can be selectively bypassed for trusted locations such as files, folders, and hosts.
Cross-domain configuration
Acrobat addresses concerns about trust and risk with a default setting that manages cross-domain access for both Windows and Mac OS desktops. Administrators can use the Adobe cross-domain specification to create policy files that allow them to manage cross-domain access at the server level. You can enable or disable cross-domain access, as required.
Deployment and administration tools
Acrobat X and Reader X include a range of new resources and free tools to ease the deployment, updating, and administration of Adobe products in your organization.
Support for Microsoft SCCM/SCUP
Now you can efficiently import and publish updates via Microsoft System Center Configuration Manager (SCCM) to ensure managed Windows desktops stay current on security patches and updates. Adobe has enhanced integration with Microsoft SCCM with new support for Microsoft System Center Updates Publisher (SCUP) catalogs. Together, SCCM and SCUP allow you to automate updates to Acrobat and Reader software across your organization, as well as streamline initial software deployments.
Registry-level and plist configuration
Acrobat and Reader provide desktop administrators with a number of tools to manage security settings, including registry-level preferences. With these settings, administrators can configure clients, before and after deployment, to:
- Turn enhanced security on or off
- Turn privileged locations on or off
- Specify predefined privileged locations
- Lock certain features and disable the application UI so that end users cannot change the settings
- Disable, enable, and otherwise configure almost any other security-related feature
Regular updates and patches
To help you keep your software up to date, Adobe proactively delivers regularly scheduled updates that contain both feature upgrades and security fixes. For rapid responses to zero-day attacks, Adobe delivers out-of-cycle patches as needed.
Sign up for the Adobe Security Notification Service
Get a free email bulletin with timely information about Adobe security updates
Download the latest patch releases, including security enhancements and bug fixes.
Adobe Customization Wizard and AIM
For even greater control over your enterprise-wide deployments, Adobe provides these free tools:
- Adobe Customization Wizard
Download a free utility that enables you to customize the Acrobat Installer and configure application features prior to full deployment. - Administrator's Information Manager (AIM)
This auto-updating and customizable Adobe AIR® application contains the Preference Reference. AIM also includes a growing list of other resources of interest to administrators in enterprise settings.
Visit the Acrobat Family enterprise administration support page for more information
Dedicated engineering teams
Adobe's software engineering teams proactively identify, evaluate, and fix vulnerabilities in our software.
- The Adobe Secure Software Engineering Team (ASSET) works with product security teams to help ensure the highest level of security is built into every Adobe product before it ships. The ASSET team also conducts proactive security reviews and performs incident analysis to drive further application security improvements.
- The Product Security Incident Response Team (PSIRT) forms a first line of defense when a vulnerability is discovered in an Adobe product. PSIRT can help you address vulnerabilities and stay up to date on Adobe security.
Content security resources
Adobe Reader X and Acrobat X security — Adobe Reader X and Acrobat X take the security of PDF documents — and your data — to a whole new level. Engineered with security in mind, Reader X and Acrobat X deliver better application security thanks to Protected Mode and new capabilities that allow more granular controls, tighter integration with operating system security controls, and improved deployment and administration tools. This white paper details the new security capabilities built into these newest versions.
Beyond application security, Adobe supports an array of industry-standard mechanisms to protect and authenticate the information stored in your PDF documents, including digital signatures, rights management, and document best practices.
Digital signatures
Digital signatures save time and money compared to "wet" signatures, and they help document authors and recipients ensure the integrity and authenticity of a document's contents. With Adobe Reader and Acrobat, you can easily add a standards-based digital signature to a document, check the signature for validity, and add permissions and restrictions to control the signature workflow.
Learn more about digital signatures in Acrobat
Rights management
Acrobat works with Adobe LiveCycle® Rights Management ES2 software to deliver rights management capabilities that enable you to prevent confidential data or other sensitive information from leaking outside your organization or getting into the wrong hands. Control access, printing, copying, and editing at the document, user, or group level, and dynamically change those policies throughout the lifetime of the document.
Consistent best practices
The new Action Wizard feature in Acrobat X lets you easily script document processes and deploy them across the organization, helping to ensure that all users are following best practices when preparing and protecting public-facing documents.
Managing sensitive information
End users can consistently and quickly remove sensitive information from files using one-button sanitization and enhanced redaction tools. Powerful, standards-based encryption technologies allow end users to set passwords and permissions to control access or prevent changes to any PDF document.
