Adobe delivers sandboxed Flash Player for Firefox users
Posted on 11 June 2012.
Adobe released the newest version (11.3) of its Flash Player, with which its Protected Mode is now made available to Firefox users on Windows.

"Our Protected Mode implementation allows Flash Player to run as a low integrity process with several additional restrictions that prohibit the runtime from accessing sensitive resources," Peleus Uhley, Platform Security Strategist with Adobe, explained.

"This approach is based on David LeBlancís Practical Windows Sandbox design and builds upon what Adobe created for the Adobe Reader X sandbox. By running the Flash Player as a restricted process, Adobe is making it more difficult for an attacker to turn a simple bug into a working exploit.

But this sandbox is not the only security improvement that this version brings.

OS X users will be more safe in the future as an background updater has finally been implemented, making it able to download and install the update without interrupting the end-userís session with a prompt - that is, if the user chooses to accept these updates in the first place.

Finally, all future Flash Player releases for Mac OS X will be signed with an Apple Developer ID in order to make it play nice with Apple's Gatekeeping technology, which verifies it as a trusted application.

"Therefore, if the Gatekeeper setting is set to 'Mac App Store and identified developers,' end-users will be able to install Flash Player without being blocked by Gatekeeper, Adobe's Brad Arkin points out. "If Gatekeeper blocks the installation of Flash Player with this setting, the end-user may have been subject to a phishing attack."

But beware - there are some reports saying that this latest update causes Firefox to freeze or crash. It is believed that the Protected Mode is responsible for it, so if this happens to you, you can either disable the Flash Player Plugin altogether (Add-ons > Plugins > Shockwave Flash - Disable) or disable the Protected Mode.






Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //