Adobe delivers sandboxed Flash Player for Firefox users
Posted on 11 June 2012.
Adobe released the newest version (11.3) of its Flash Player, with which its Protected Mode is now made available to Firefox users on Windows.

"Our Protected Mode implementation allows Flash Player to run as a low integrity process with several additional restrictions that prohibit the runtime from accessing sensitive resources," Peleus Uhley, Platform Security Strategist with Adobe, explained.

"This approach is based on David LeBlancís Practical Windows Sandbox design and builds upon what Adobe created for the Adobe Reader X sandbox. By running the Flash Player as a restricted process, Adobe is making it more difficult for an attacker to turn a simple bug into a working exploit.

But this sandbox is not the only security improvement that this version brings.

OS X users will be more safe in the future as an background updater has finally been implemented, making it able to download and install the update without interrupting the end-userís session with a prompt - that is, if the user chooses to accept these updates in the first place.

Finally, all future Flash Player releases for Mac OS X will be signed with an Apple Developer ID in order to make it play nice with Apple's Gatekeeping technology, which verifies it as a trusted application.

"Therefore, if the Gatekeeper setting is set to 'Mac App Store and identified developers,' end-users will be able to install Flash Player without being blocked by Gatekeeper, Adobe's Brad Arkin points out. "If Gatekeeper blocks the installation of Flash Player with this setting, the end-user may have been subject to a phishing attack."

But beware - there are some reports saying that this latest update causes Firefox to freeze or crash. It is believed that the Protected Mode is responsible for it, so if this happens to you, you can either disable the Flash Player Plugin altogether (Add-ons > Plugins > Shockwave Flash - Disable) or disable the Protected Mode.






Spotlight

Most popular Android apps open users to MITM attacks

Posted on 21 August 2014.  |  An analysis of the 1,000 most popular free Android apps from the Google Play store has revealed a depressing fact: most of them sport an SSL/TLS vulnerability that can be misused for executing MITM attacks, and occasionally additional ones, as well.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Aug 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //