Flash player 11.3 will support sandboxing in Firefox on Windows

Adobe Flash logoSeveral changes that Adobe made in Flash 11.3 aim to boost the browser plugin’s security and reduce its susceptibility to attacks. The most significant of those changes is the introduction of sandboxing on the Windows platform.

Due to the frequent discovery of Flash vulnerabilities and the relative ubiquity of the plugin, Flash is one of the most heavily-exploited pieces of software. Adobe and browser vendors have been working to make it harder to exploit by isolating the plugin and working to ensure that users have easier access to the latest version.

Most browsers already implement process isolation for plugins in order to prevent Flash crashes from taking down the whole application. In some browsers, such as Chrome, the plugin is sandboxed on Windows to prevent it from accessing sensitive platform functionality. Adobe has worked with Mozilla to bring that feature to Firefox on Windows.

The sandboxing takes advantage of native security features that Microsoft built into Windows Vista and Windows 7. The Flash plugin will operate in three separate processes, one that interacts with the browser, one that does the bulk of the Flash execution, and one that mediates control of underlying operating system features.

The main Flash process will be run at a “low integrity” level, which will prevent it from writing to the user’s profile, manipulating the registry, or sending messages to higher integrity processes. It will also be encumbered with a number of job restrictions that will further limit its access. In order to reach the filesystem or hardware devices, the sandboxed process will have to go through the OS broker process, which is designed to strictly limit access.

The sandboxing mechanism that will be used for Flash in Firefox is similar to the one that Adobe has already implemented in its Acrobat Reader software. Because the implementation relies on features that are built into Windows Vista and Windows 7, however, the Flash sandboxing will not be supported on Windows XP.

Flash has had sandboxing support in Chrome on Windows Vista and Windows 7 since 2011. Internet Explorer doesn’t quite have full Flash sandboxing yet, but already runs the plugin at a low integrity level. Bringing the sandboxing feature to Firefox is another positive step forward.

In addition to introducing sandboxing, Adobe has also been working on a background update system that will allow the plugin to be updated automatically, without requiring user intervention. Simplifying Flash updates will make it easier for Adobe to protect users from zero-day vulnerabilities.

Adobe first introduced the automatic updater on Windows earlier this year. Now Adobe is bringing it to Apple’s Mac OS X. The updater will use a launch daemon to check for updates every day. When an update is detected, it can automatically install it in the background without disrupting the user’s activities.

Alongside the addition of the background updater, Adobe has also taken the opportunity to add application signing, which allows the Flash plugin to run on systems where Gatekeeper is configured to block unsigned software.

The Flash plugin is supported in a restricted capacity in Windows 8, not available on iOS, being discontinued on Android, and soon to be phased out on the Linux desktop. It’s no longer a viable solution for developers who want to reach every screen. Although Flash is gradually heading towards obsolescence, Flash content will continue to be supported in some capacity while standards-based alternatives are maturing and gaining acceptance. As such, enhancements that help to reduce the security risks posed by the plugin are welcome developments.

Source: Ars Technica

Tags: Adobe, Flash, OSes, Windows 7

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
A new game could be in the works as Blizzard appears to have been hiring for a Diablo-related project
Nokia CEO Rajeev Suri will speak at MWC 2017
However what if you could go way, way back?
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Samsung claims up to 27-percent higher performance or 40-percent lower power
Preliminary data for October shows another Windows 10 boom
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments