Summary of Contents for Adobe 12001196 - Acrobat - Mac
Page 1
Acrobat Application Security Guide (all versions) Acrobat® Family of Products...
Page 2
Adobe Systems Incorporated. Please note that the content in this guide is protected under copyright law even if it is not distributed with software that includes an end user license agreement.
Adobe provides a security model designed to help you protect your environment from security attacks. You should explore the options for tuning applications for the desired security level. The big picture is...
Page 6
Receive alerts about vulnerabilities and updates. Incident Response Team Blog Get news and pre-notification of updates about all Adobe products. Secure Software Eng. Team Blog Track news and events from Adobe and the security software industry. Section 1 Application Security Overview Page 2...
PV is another defense-in-depth feature that is tightly integrated with the existing enhanced security feature. PV in Acrobat leverages the successful sandbox implementation already in place for Adobe Reader while providing a user experience that should be familiar to Microsoft Office 2010 users.
Page 8
Section 2 Protected View Application Security Guide Acrobat displays a warning bar at the top of the viewing window. In this state, many of Acrobat's features that interact with and change the document are disabled and the associated menu items are greyed out in order to limit user interaction.
In addition to enabling logging via the UI (above), you can turn on logging and configure a log file location via the registry. To enable logging, specify a log file location: 1. Go to HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\10.0\Privileged. 2. Right click and choose New > REG_SZ Value. Section 2 Protected View...
Page 10
Configurable policies have two requirements: • They must reside in the Reader install directory adjacent to the AcroRd32.exe in the install folder: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\ • The name of the policy file must be ProtectedModeWhitelistConfig.txt. 2.2.5.1 Enabling custom policies To allow the application to read and use a policy file, registry configuration is required.
Unsupported configurations for Acrobat running in Protected View change across releases as the product evolves. For example, Protected Mode supports Citrix and Windows Terminal Services deployments with 10.1. For a list of unsupported configurations and workarounds, see http://kb2.adobe.com/cps/860/cpsid_86063.html. Protected View: Unsupported configuration dialog 2.4 FAQs...
Page 12
The current release includes support for the following: • Adobe Acrobat 10.1 or later. • Windows 32 and 64 bit platforms, including XP SP3. Adobe's initial efforts focus on hardening its Windows products because there are more Windows users and Windows applications with proven sandboxing implementations.
For application developers, sandboxing is a technique for creating a confined execution environment for running untrusted programs. In the context of Adobe Reader, the "untrusted program" is any PDF and the processes it invokes. When Reader sandboxing is enabled, Reader assumes all PDFs are potentially malicious and confines any processing they invoke to the sandbox.
2. In the Application Startup panel, check or uncheck Enable Protected Mode at startup. 3. When the dialog appears asking if you would like to continue, choose Yes. This preference sets: [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Privileged] "bProtectedMode"=(0 = off; 1 = on) 1. Choose whether or not you would like to have a log file created.
None. PM is designed to protect users transparently and without impacting other features. 3.3.3 PM and shell extensions While Protected Mode can be disabled for PDFs viewed with the product, Adobe continues to protect you when 3rd party software invokes a Reader process; that is, Protected Mode sandboxing cannot be disabled for shell extensions.
Configurable policies have two requirements: • They must reside in the Reader install directory adjacent to AcroRd32.exe in the install folder. for example: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\ • The name of the policy file must be ProtectedModeWhitelistConfig.txt. 3.3.7.1 Enabling custom policies To allow the application to read and use a policy file, registry configuration is required.
In Reader 11 Protected Mode, the sandboxed AcroRd32.exe process only has read access to those files and folders under the %USERPROFILE% for the following: 1. The correct functioning of Adobe Reader itself; for example %appdata%\Adobe\Acrobat\11.0\*. 2. PDFs explicitly opened by the user via the File Open dialog or double-clicking.
Section 3 Protected Mode Application Security Guide BUILTIN\Users groups read access is not protected with read-restrictions. Other folders such as the per-user profile folder that don't grant such an access are protected. Note that many user-account protected network shares don't grant access to everyone. So, again, those would be protected. 3.4.2 User experience There is no UI to turn read-restrictions on or off: this feature is an enhancement to the existing Protected Mode feature and is always enabled as part of it.
Protected Mode. Note "Adobe Reader cannot open in Protected Mode due to a problem with your system configuration. Would you like to open Adobe Reader with Protected Mode disabled?"...
Is Reader X on Mac OSX less vulnerable? While Protected Mode is not available for Macintosh, Adobe has not seen any targeted attacks against Unix and Mac Reader so far.
Page 21
Plug-ins will not be able to write log files to non-whitelisted locations. They can continue to write logs to the Temp directory (as returned by GetTempPath() Windows API or equivalent Acrobat API). Another white-listed location is Adobe Reader's own appdata area. Does the Protected Mode impair a PDF's ability to access trusted web sites? Can I still save Acrobat forms on my own computer? Yes.
Page 22
What is the user experience like for screen readers invoked via viewing a PDF in the browser? Most accessibility features work. In some cases they do not work on XP. For a list of known issues, see http://kb2.adobe.com/cps/860/cpsid_86063.html. Why do we see 2 Reader processes in the Task Manager with the same name? The Reader X application now has 2 processes: one for the target (sandbox) and the broker.
Page 23
Application Security Guide Section 3 Protected Mode One option is to add custom policies to bypass protected mode restrictions. Can plug-in developers write their own broker? No, we do not currently provide the option for developers to write their own brokers, but we may do so for future releases.
Section 4 Enhanced Security Application Security Guide 4 Enhanced Security Introduced in version 9.0 and enabled by default for the 9.3 and 8.2 updates, enhanced security "hardens" your application against risky actions by doing the following for any document not specifically trusted: •...
The following preference rules apply irrespective of the user's platform: • Windows, Macintosh, and UNIX platforms use similarly named keys. • When configuring paths, use your product (Adobe Acrobat or Acrobat Reader) and version (9.0 or 8.0). • For 8.x, only one key (bEnhancedSecurityStandalone) controls behavior for both standalone and browser modes.
Page 26
Before continuing, install some plist editor such as PlistEdit Pro. Change the root path to reflect the product (Acrobat or Reader) and version number (9.0 or 8.0) you are using. To configure the settings: 1. Navigate to the .plist file: • Mactel: UserLibraryPreferencescom.adobe.Acrobat.Pro_x86_9.0.plist • Mactel: UserLibraryPreferencescom.adobe.Acrobat.Pro_x86_8.0.plist Section 4 Enhanced Security Page 22...
Page 27
Application Security Guide Section 4 Enhanced Security • PowerPC machine: UserLibraryPreferencescom.adobe.Acrobat.Pro_ppc_8.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Acrobat.Pro_ppc_9.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Reader_ppc_8.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Reader_ppc_9.0.plist 2. Go to TrustManager. 3. Set EnhancedSecurityInBrowser (Boolean YES/NO). 4. Set EnhancedSecurityStandalone (Boolean YES/NO). 5. Exit the editor.
• Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID under each cab/dict at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cCrossdomain] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cDataInjection] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cExternalStream] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cScriptInjection]...
Application Security Guide Section 4 Enhanced Security 4.4.1 Privileged locations The most common way to assign trust to files, folders, and hosts is via privileged locations. 4.4.2 Internet Access There are two ways to control internet access: • The Trust Manager's Internet Access settings allow you to trust individual web-based files, directories, and specific hosts (wildcards are supported).
Yellow Message Bar. If you find that your workflow is impaired, Adobe recommends that you leave enhanced security enabled and assign trust as needed via one of the available methods prior to sending such a form.
Page 31
Application Security Guide Section 4 Enhanced Security Data file Action location location 8.x behavior 9.x behavior Opening a target PDF local local PDF opens. No No change. authentication required. Opening a target PDF local server PDF opens Allow via dialog or enable enhanced security and set privileged location.
Section 4 Enhanced Security Application Security Guide 4.5.2.1 9.2, 8.1.7, and earlier Pre 9.3 and 8.2, the application displayed modal dialogs whenever a risky behavior was invoked. The user had to click through the dialog to continue. Enhanced Security: Data access dialog (pre 9.3 and 8.2) 4.5.2.2 9.3, 8.2, and later With 9.3 and 8.2, many warning messages were moved to an unobtrusive Yellow Message Bar at the top of the document.
Page 33
"bDisableOSTrustedSites"=dword:00000001 4.6.4 Least restrictive settings "Secure by default" is Adobe's recommended best practice. However, you can disable all the features if you are already operating within a secured environment. The following examples show the least restrictive settings with the features not locked.
Section 5 JavaScript Controls 5 JavaScript Controls JavaScript support is one of Acrobat's and Adobe Reader's most powerful features, and Adobe provides several controls that enable tuning application behavior so that JavaScript (JS) executes within your desired level of security where unrestricted access to JS APIs is undesirable or workflows do not leverage this feature at all.
Options button and then trust the document once or always. • Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cAlwaysTrustedForJavaScript] "t8"="C:\\someTrustedPDF" Section 5 JavaScript Controls...
APIs so that you do not have to resort to disabling JavaScript altogether. The blacklist is maintained in the Windows registry and the Macintosh OS X FeatureLockdown file. On Windows, there are two blacklists, one for enterprise administrators, and one for Adobe patches and updates. Blacklist rules of operation •...
Section 5 JavaScript Controls Application Security Guide On a 64 bit Windows system, the path is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe. 5.5.2 Blacklist configuration The manual steps described below require administrator privileges on a machine and should only be undertaken by someone experienced in registry-level configuration. In most cases, configuration occurs via the Customization Wizard prior to client deployment or via a scripting mechanism post-deployment.
Page 39
One such tool is the JavaScript Blacklist Framework Tool for Acrobat and Adobe Reader. The tool offers protections against an entire class of vulnerabilities that target JavaScript APIs.
Page 40
The tool presents a list of JavaScript APIs that have been attacked in the past. It retrieves a current list of APIs from an Adobe server but presents a default list if an Internet connection is unavailable. To use the tool: 1.
1. Go to Preferences > JavaScript (The exact path varies by product and platform). 2. In the JavaScript Security panel, set Enable menu items JavaScript execution privileges. This values sets: [HKCU\Software\Adobe\<product name>\<version>\JSPrefs] "bEnableMenuItems" Note Enables executing JS by clicking menu items. When off, privileged JS calls can be executed via the menu unless they have been wrapped in the app.trustFunction.
1. Go to Preferences > JavaScript (The exact path varies by product and platform). 2. In the JavaScript Security panel, set Enable global object security policy as needed. This values sets: [HKCU\Software\Adobe\<product name>\<version>\JSPrefs] "bEnableGlobalSecurity" Note Toggles on and off the ability of a script to access objects outside of the current document sandbox. If enabled, JavaScript objects are globally accessible.
Page 43
• Administrator list: This list requires administrator rights to modify and locks down the feature. It resides at: HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\(cTrustedSites TrustedFolders)\cJavaScript • User list: The user list is for the current user only and is editable via the user interface. It resides at: HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites...
Options button and then trust the document once or always. • Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cJavaScriptURL] "t8"="C:\\someTrustedPDF" 5.11 JavaScript injection...
"t8"="C:\\someTrustedPDF" 5.12 Workflow changes by version Acrobat and Adobe Reader have always provided controls for managing JavaScript. Over time, these controls have become more rich in an effort to provide granular control over document behavior. The behavior across versions is as follows: 5.12.1 9.1 and 8.1.6 and earlier...
Page 46
• Enable JavaScript for this document one time only • Enable JavaScript for this document always: This option stores a unique document ID in HKCU\Software\Adobe\<product name>\<version>\TrustManager\cTrustedFolde Yellow message bar: JS off warning (9.2 and 8.1.7 and later) • High privileged JavaScript will not execute unless the user has established a prior trust relationship with the document via a trusted certificate or privileged location.
5.12.3.2 Overview Due to Adobe's high interest in security, changes to existing Acrobat and Adobe Reader functionality are periodically released to further strengthen the product's resistance to malicious attacks. As part of this effort, 10.1.1 introduces changes to the JavaScript feature that stores global variables and executes user-defined scripts.
Page 48
Restart the product to export the variables to the new format. Note For Adobe Reader, you can only use the latter method since the JavaScript console is not available unless you have enabled it as described at http://blogs.adobe.com/pdfdevjunkie/2008/10/how_to_use_the_javascript_debu.html.
To mitigate the risk inherent in attachments: • Know what the content is and from where it originated. • Be aware of dangerous file types and how the application manages those types. Adobe applications maintain Black lists and white lists which control application behavior.
Page 50
LockDown file and edit it in a text editor. This file is normally located in application> <version number><product name>/<application> [version number] Professional/Contents/MacO 2. Hold the Ctrl key and click the application file in Applications/Adobe Acrobat <product name>. 3. Choose Show Package Contents. 4. Navigate to Contents > MacOS > Preferences.
Page 51
To edit the registry to modify the default behavior of file attachments in Linux: 1. Navigate to <install location>/Adobe/<application and version/Reader/globalPrefs. 2. Open AttachmentPerms in a text editor. 3. Edit or add an extension and value in the format of <.extension>:<0-3>. For example, .zip:1.
Section 6 Attachments Application Security Guide Users can indirectly manage the registry list of which file types can be opened and saved. In other words, the list in Attachment black list can be extended one at a time as each attached file is opened. Administrators can modify the registry.
Page 53
Application Security Guide Section 6 Attachments Gzip Compressed Archive .hex Macintosh BinHex 2.0 file .hlp Windows Help file .hqx Macintosh BinHex 4 Compressed Archive .hta Hypertext Application .inf Information or Setup file .ini Initialization/Configuration file .ins IIS Internet Communications Settings (Microsoft) .isp IIS Internet Service Provider Settings (Microsoft) .its...
Page 54
Section 6 Attachments Application Security Guide .rar WinRAR Compressed Archive .reg Registration Information/Key for Windows 95/98, Registry Data file .scf Windows Explorer Command .scr Windows Screen Saver .sct Windows Script Component, Foxpro Screen (Microsoft) .sea Self-expanding archive (used by Stuffit for Mac files and possibly by others) .shb Windows Shortcut into a Document .shs...
Adobe began addressing this problem several releases ago by implementing a standardized cross-domain security model that has evolved over the years into a robust, secure solution. By providing controls for who may receive data from whom, Adobe clients such as Flash and rich PDF documents are safe and extremely flexible.
Page 56
Application Security Guide 7.1.2 Cross domain workflow A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat permission to handle data across domains. When a client hosts content from a particular...
Page 57
Section 7 Cross Domain Configuration 7.1.3 When you need cross domain access Cross domain access is permitted for Acrobat and Adobe Reader default installations in versions 9.2/8.17 and earlier. You can prevent such access by turning on the enhanced security feature.
Page 58
Cross-domain restrictions do not apply to data requested by Reader for non-document request operations. For example, if Adobe Reader requests a timestamp from a remote server to validate a digital signature, it is not restricted because the data was not requested by the document.
7.1.5 PDFs in a standalone application vs. the browser Acrobat and Adobe Reader behave similarly with respect to data access, and their behavior is consistent whether running in the browser or as a standalone application. However, behavior inside and outside of a browser varies because of differences in http(s) request handling: •...
Section 7 Cross Domain Configuration Application Security Guide • Enhanced security is enabled and privileged locations are not locked. Here the warning button appears with an options button. The user is provided with the option to trust the document once or always.
Page 61
URL (i.e. non-socket) master policy file which allows access to the example.com root domain with and without the www subdomain as well as any subdomains. allow-access-from: Allowing access to root domains <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*.example.com"/> <allow-access-from domain="www.example.com"/>...
Page 62
Section 7 Cross Domain Configuration Application Security Guide <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="none"/> </cross-domain-policy> The following is the most permissive master policy file definition (strongly not recommended ). It allows any policy file on the target domain to grant permissions, allows access to any of its file, and permits any header to be sent to the server.
Page 63
HTTP source is accessing data on this domain through HTTPS. It should be obvious that this practice is not recommended. allow-access-from: Most permissive access <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="www.example.com" secure="false"/> </cross-domain-policy>...
</cross-domain-policy> 7.3 Certificate-based permissions Acrobat and Adobe Reader 9.1 introduces an extension to cross-domain policies that enables cross domain access on a per document basis. You do so by identifying a certified document signed with a specific certificate that should be able to access web servers in another domain. Since these documents contain an embedded and unique public key certificate, a SHA-1 hash of the certificate can be used as an identifier, much like a fingerprint.
Page 65
Application Security Guide Section 7 Cross Domain Configuration Note If you are using a certificate hash for documents that are Reader enabled by a LiveCycle ES server, you should use the certificate issued in conjunction with the server. This certificate will be unique to your organization.
Page 66
Section 7 Cross Domain Configuration Application Security Guide reason. Note Other methods of extracting the certificate hash include using openSSL or importing the ID into the Windows store. Only one method is described here. To extract a certificate hash: 1. Open Acrobat. 2.
Application Security Guide Section 7 Cross Domain Configuration 5. Save and close the policy file. Typical allow-access-from-identity block <allow-access-from-identity> <signatory> <certificate fingerprint="01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67" fingerprint-algorithm="sha-1"/> </signatory> </allow-access-from-identity> 7.3.4 Fingerprint usage rules • Multiple signatories require multiple <allow-access-from-identity> blocks. • There must be one and only one <signatory> block inside an <allow-access-from-identity>.
Page 68
Section 7 Cross Domain Configuration Application Security Guide • For 9.2, Acrobat requires that cross-domain policy files return from the server with the content-type text/cross-domain-policy. • For 9.3, both clients support all of the mime types listed in the specification: • Any content type that starts with "text/" •...
Page 69
Application Security Guide Section 7 Cross Domain Configuration 6. Specify the MIME type for the policy file: 1. In the left hand column, choose Environment > Virtual hosts. 7. Select the** (host name) > MIME Types**. 8. Configure the following: • MIME Type: text/x-cross-domain-policy (or a type supported per the specification). •...
Page 70
Section 7 Cross Domain Configuration Application Security Guide 1. Open NetWeaver Administrator. 2. Navigate to Java System Properties: Configuration Management > Infrastructure. 3. In the Services tab, select HTTP Provider Service. A list of all service properties is displayed on the Extended Details tab page. 4.
Application Security Guide Section 7 Cross Domain Configuration 3. In the web.xml set the mime-mapping tag: <mime-mapping> <extension>xml</extension> <mime-type>text/x-cross-domain-policy</mime-type> </mime-mapping> 1. Deploy the ear file as usual. 7.5 Calling policies via JavaScript One exception to the requirement that a master policy file be present is when a document specifies a policy via JavaScript.
Page 72
Section 7 Cross Domain Configuration Application Security Guide 7.6.1 Enabling logging If you need to debug cross domain access, enable logging. Note Logging is not available on Macintosh. Cross domain logging Logging: User interface configuration The 9.3 and 8.2 updates and later allow configuration via the user interface. To do so: 1.
Page 73
• Windows 7: C:UsersusernameAppDataRoamingAdobeAcrobat9.0 7. Create an empty file called AcrobatCrossDomain.log. Note The log name is identical for Adobe Reader. 7.6.2 General log messages Request for resource at %s by requestor from %s is permitted due to policy file at %s A file attempted an operation that requires a policy file permission and the policy was found.
Page 74
Section 7 Cross Domain Configuration Application Security Guide • No applicable policy file exists to authorize the operation. If you control the server where the resource resides, you may need to add a policy file on that server. Otherwise, you may need to proxy the operation through the file's own server.
Page 75
Application Security Guide Section 7 Cross Domain Configuration The client made an HTTP request but was not able to see HTTP response headers. As detailed in the section on meta-policies, some of the new, strict policy file rules require that the client be able to access HTTP response headers;...
Page 76
Section 7 Cross Domain Configuration Application Security Guide HTTP header from %s specifies meta-policy 'by-ftp-filename', which is only applicable to FTP, not HTTP. A by-ftp-filename meta-policy was found in an X-Permitted-Cross-Domain-Policies HTTP response header, but it is only valid for FTP servers. The X-Permitted-Cross-Domain-Policies header has been ignored, but any policy file at this URL has not necessarily been ignored (there should be a further error message if it is).
Page 77
Application Security Guide Section 7 Cross Domain Configuration The meta-policy has been ignored, but the policy file itself has not necessarily been ignored (there should be a further error message if it is). Meta-policy %s in policy file from %s conflicts with previously established meta-policy %s Meta-policies are incorrectly configured.
Page 78
Section 7 Cross Domain Configuration Application Security Guide Port ranges may include the wildcard *, individual port numbers, port ranges separated by dashes, or comma-separated lists of individual numbers and/or ranges. The allow-access-from is ignored, although other directives in the same policy file may be valid and accepted. Ignoring 'secure' attribute in policy file from %s.
Page 79
Application Security Guide Section 7 Cross Domain Configuration Timeout on %s (at 3 seconds) while waiting for socket policy file. Only pertinent to Flash and socket policy files. [strict] Local socket connection forbidden to host %s without a socket policy file. Only pertinent to Flash and socket policy files.
Section 8 External Content Access Application Security Guide 8 External Content Access 8.1 Internet access Your application can inform you when a PDF file is attempting to connect to an Internet site. Opening a Web page represents a security risk because malicious content can be transferred whenever a PDF communicates with the Internet.
Page 81
Application Security Guide Section 8 External Content Access If you choose the custom settings option, the Web Sites panel becomes active and you can enter unique URLs. URLs must begin with www and end with a valid suffix. The Acrobat family of products maintains a white and black list of URLs called the Trust List.
Section 8 External Content Access Application Security Guide External connection warning 8.2 Multimedia (legacy) Multimedia poses a security risk because it could potentially change the document's appearance or present security holes through multimedia players. There are two types of multimedia, and application behavior varies with each type: •...
Page 83
Application Security Guide Section 8 External Content Access 9.5 & Multimedia trust is integrated into the Trust Manager framework and the following changes have been made: 10.1.2 • The following UI items are removed from Preferences > Multimedia Trust (Legacy): Clear your list of trusted documents AND Display permissions for ( ) Trusted documents ( ) Other documents.
Page 84
• With 9.5 & 10.1.2 and later, create a privileged location via the UI for the file, folder, or host. • With 9.5 & 10.1.2 and later, create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\<cTrustedSites or TrustedFolders>\] "cMultiMedia"...
Page 85
Application Security Guide Section 8 External Content Access 8.2.3.2 9.3-8.2 & later For 9.3 and 8.2, modal dialogs have been replaced by a Yellow Message Bar. The options button allows users to trust once or always. Choosing Always adds the item to the already existing Trusted Documents list.
Section 8 External Content Access Application Security Guide 8.2.3.3 Up to 9.2-8.1.7 These product versions displayed the dialog below rather than the YMB. 9.2-8.1.7 and earlier: Manage Trust for Multimedia Content dialog 8.3 XObjects Changes across releases: XObject (external stream) access Version Change pre 9.2...
• Options button provides the Trust Once and Trust Always options. • Enterprise IT can configure the end user settings via HKCU\Software\Adobe\<product name>\<version>\3D\bEnable3DContent. • Enterprise IT can disable and lock 3D rendering so that the user cannot change the setting via HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\bEnable3D.
Page 88
Section 8 External Content Access Application Security Guide Beginning with 9.5.1, Adobe Reader and Acrobat no longer include a Flash Player for displaying Flash in PDF files. Instead, rendering Flash content embedded in a PDF now requires that a Flash Player already resides on the user machine.
Application Security Guide Section 9 Trust Methods 9 Trust Methods Ideally, you've enabled and configured all of the product's security mechanisms and are now ready to assign trust to elements in your workflows. Available trust mechanisms include: 9.1 Privileged locations Privileged locations (PLs) are synonumous with "trusted locations." PLs are the primary way that users and administrators can specify trusted content that should be exempt from security retrictions.
Page 90
• Add Host: Enter the complete name of the root URL only with no wildcards. For example, www.adobe.com but not www.adobe.com/lc. To specify HTTPS, select Secure Connections Only. 3. Choose OK.
Page 91
Application Security Guide Section 9 Trust Methods 9.1.3 User on-the-fly config. Whenever a PDF opens that contains content which is blocked by a security feature, a Yellow Message Bar (YMB) appears. If the feature has not been disabled by the administrator, users can trust the document on-the-fly as follows: •...
Page 92
Section 9 Trust Methods Application Security Guide [HKEY_CURRENT_USER\Software\Adobe\<product name>\<version>\TrustManager\cTrustedFolders\cCrossdomain] "t3"="C:\\Documents and Settings\\username\\My Documents\\acrobat_logo16.png" Protected View: trust set in the registry 9.1.5 Recursive directory trust Recursivity is on by default with 10.1. Prior to 10.1, if you make a folder a privileged location its subdirectories are not automatically included.
10.x products support the use of wildcard matching of subdomain components for trusted host URLs. For example, for a basic URL of a.b.c.adobe.com, you can wildcard on all of a, b, or c. It is required that at least the first subdomain is specified (adobe in this case). So *.corp.adobe.com or 11lcforms.*.adobe.com`` works, but *.forms.corp.adobe.com or lcforms.corp.*.com will not.
Section 9 Trust Methods Application Security Guide [HKEY_CURRENT_USER\Software\Adobe\<product>\<version>\TrustManager] "bTrustCertifiedDocuments"=dword:00000001 To lock the setting, set the following: [HKLM\SOFTWARE\Policies\Adobe\<product>\<version>\FeatureLockDown\ "bEnableCertificateBasedTrust"=dword:00000001 9.4 Per-certificate trust Trust can be configured on a per-certificate basis so that certified documents signed with a specific certificate can be made exempt from some security restrictions. For the certification signature, the signature must be valid and the certificate must chain to a valid and trusted root certificate.
Use the same ID and value. Note Other XObject settings can be configured via the UI or in the registry as described in the Preference Reference for Acrobat and Adobe Reader. Section 9 Trust Methods Page 91...
Section 10 Content security Application Security Guide 10 Content security Application security is all about hardening the application against malicious attacks. Content security is designed to protect workflows and content within the application's secured environment. The product's application security options as well as its content security features such as digital signatures, encryption, and permissions provide unparallelled control over PDF-based workflows.