Adobe Systems Inc. has launched a new protected mode for its highly ubiquitous Flash Player that could thwart attackers from targeting flaws in the browser component in Mozilla Firefox.
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploit.Peleus Uhley, platform security strategist, Adobe Systems Inc.
A beta version of Flash Player sandbox for the Firefox browser was released this week. The protected mode is currently available for users of Google Chrome. It is designed to isolate Flash Player from sensitive processes, making it more difficult for attackers to target Flash vulnerabilities, using Flash Player as a stepping stone to gain access to critical processes or data.
Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7.
“Sandboxing technology has proven very effective in protecting users by increasing the cost and complexity of authoring effective exploits,” wrote Peleus Uhley, platform security strategist at Adobe. “For Flash Player, this is the next evolutionary step in protecting our customers.”
While Adobe touts the benefits of sandboxing, so far there has been little evidence that it has helped defend against attacks. Flash and Adobe Reader and Acrobat remain the most targeted software by attackers. Uhley said Flash Player protected mode forces it to run as “a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities.” Adobe engineers worked closely with Firefox developers to create the new sandbox mode.
Engineers also worked closely with Google to develop a sandbox version of Flash Player for the Chrome Browser. That version of Flash Player is supported for users of Windows XP.
Adobe began rolling out “protected mode” for Adobe Reader and Flash Player in 2010. Adobe Reader X was created in response to an increased focus by attackers in targeting zero-day flaws in the software. While sandboxing technology won't stop all attacks, it does provide an additional layer of defense and makes attacks more difficult to pull off. Last year, researcher Billy Rios demonstrated a way to bypass Flash Player sandboxing.
The company has been increasing the security layers in its software. Protected View was launched last year and is enabled by default when a user opens up an untrusted file in Adobe Reader X.