"Our Protected Mode implementation allows Flash Player to run as a low integrity process with several additional restrictions that prohibit the runtime from accessing sensitive resources," Peleus Uhley, Platform Security Strategist with Adobe, explained.
"This approach is based on David LeBlanc’s Practical Windows Sandbox design and builds upon what Adobe created for the Adobe Reader X sandbox. By running the Flash Player as a restricted process, Adobe is making it more difficult for an attacker to turn a simple bug into a working exploit.
But this sandbox is not the only security improvement that this version brings.
OS X users will be more safe in the future as an background updater has finally been implemented, making it able to download and install the update without interrupting the end-user’s session with a prompt - that is, if the user chooses to accept these updates in the first place.
Finally, all future Flash Player releases for Mac OS X will be signed with an Apple Developer ID in order to make it play nice with Apple's Gatekeeping technology, which verifies it as a trusted application.
"Therefore, if the Gatekeeper setting is set to 'Mac App Store and identified developers,' end-users will be able to install Flash Player without being blocked by Gatekeeper, Adobe's Brad Arkin points out. "If Gatekeeper blocks the installation of Flash Player with this setting, the end-user may have been subject to a phishing attack."
But beware - there are some reports saying that this latest update causes Firefox to freeze or crash. It is believed that the Protected Mode is responsible for it, so if this happens to you, you can either disable the Flash Player Plugin altogether (Add-ons > Plugins > Shockwave Flash - Disable) or disable the Protected Mode.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.