{"id":3254,"date":"2012-02-07T18:34:16","date_gmt":"2012-02-07T18:34:16","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3254"},"modified":"2015-09-09T19:37:00","modified_gmt":"2015-09-09T11:37:00","slug":"at-last-adobe-launches-sandboxed-flash-player-for-firefox","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2012\/02\/at-last-adobe-launches-sandboxed-flash-player-for-firefox\/","title":{"rendered":"At Last – Adobe Launches Sandboxed Flash Player For Firefox"},"content":{"rendered":"

Finally a proactive measure from Adobe<\/a> to try and remedy the horrible security flaws they have introduced to Firefox with their Flash Player.<\/p>\n

There have been some massive hacks recently due to Flash –<\/p>\n

Hackers Exploiting Latest Adobe Flash Bug On Large Scale<\/a>
\n– Adobe Patches Latest Flash Zero Day Vulnerability<\/a>
\n– Adobe Promises Patch For Flash 0-day Being Used In Targeted Attacks<\/a><\/p>\n

Those 3 were all in 2011!<\/p>\n

Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.<\/p>\n

“The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach,” said Peleus Uhley, platform security strategist at Adobe, in a blog post on Monday. “Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities.”<\/p>\n

In secure software development, sandboxing refers to the practice of isolating a process from the operating system in order to minimize the fallout of a potential exploit. This type of technology has gained popularity in recent years, primarily because of its use in Google Chrome, a browser that has never experienced a successful remote code execution attack so far.<\/p>\n

Adobe decided to implement sandboxing in Adobe Reader back in 2010 in order to counter the large number of exploits that targeted the product and its users. The technology was built into Adobe Reader X (10.0) and is based on the same sandboxing principles that Google used when developing Chrome.<\/p>\n

Later that same year Adobe also launched a sandboxed version of Flash Player for Chrome and promised to explore the possibility of doing the same for other browsers. The new sandboxed Flash Player for Firefox, which works with Windows Vista and Windows 7, is the result of those efforts. <\/p><\/blockquote>\n

They have been talking about sandboxing for a long time and did mention they wanted to sandbox Adobe PDF Reader<\/a> too, Chrome<\/a> has had great success with it’s sandbox model and I’m sure many more software vendors will follow suit.<\/p>\n

It’s good to see this approach with the web becoming an extremely dangerous place and more and more commerce is moving online, this gives us a deadly mix of poor security and lots of money floating around.<\/p>\n