The new Edge PDF offering will have all the capabilities that the current one does. And there have been quite a few flaws in Adobe's PDF code. In addition, Edge's Acrobat engine will be included in the software vendor's bug bounty program to incentivize developers to find and report flaws. Fuzzing – automatic testing for vulnerabilities – is another security feature included with the new Edge PDF stack. The package also includes mitigations such as Intel's Control Flow Enforcement Technology to protect against the hijacking of control-flow transfer instructions, a technology that complements Microsoft's Control Flow Guard. "PartitionAlloc is designed in such a way as to keep objects of different types separate from each other with minimal intervention from the developer," Evans wrote. That includes adding security features to the PDF stack such as PartitionAlloc a secure heap implementation developed on Chromium and already used in Edge, according to Gareth Evans, principal security research lead at Microsoft. Miscreants will use malware-infused PDFs to muscle their way into enterprise networks, so Microsoft's Edge Vulnerability Research team was involved in the process of bringing the Adobe engine to Edge. Microsoft made a particular point of outlining its efforts to ensure the new Adobe PDF tool is secure.
0 Comments
Leave a Reply. |