Bidvert-advert

Stay Update - ICT Security

Enter your email address:

We hate spam as much as you do and we will never sell, barter, or rent your email address to any unauthorized third party.

Most Frequently Used Software


CURL / XPertMailer / AutoBlogger / (Parser - PHP Simple HTML DOM)

lunedì 6 febbraio 2012

Adobe issues support for Flash Player sandboxing in Firefox

Adobe Systems Inc. has launched a brand new protected mode for its highly ubiquitous Flash Player that could thwart attackers from targeting flaws within the browser component in Mozilla Firefox.

Sandboxing technology has proven very effective in protecting users by increasing the price and complexity of authoring effective exploit.

Peleus Uhley, platform security strategist, Adobe Systems Inc.

A beta version of Flash Player sandbox for the Firefox browser was released this week. The protected mode is currently available for users of Google Chrome. It's designed to isolate Flash Player from sensitive processes, making it tougher for attackers to focus on Flash vulnerabilities, using Flash Player as a stepping stone to realize access to critical processes or data.

Adobe Flash Player Protected Mode for Firefox 4.0 or later would be supported on both Windows Vista and Windows 7.

“Sandboxing technology has proven very effective in protecting users by increasing the value and complexity of authoring effective exploits,” wrote Peleus Uhley, platform security strategist at Adobe. “For Flash Player, it is the following evolutionary step in protecting our customers.”

While Adobe touts the advantages of sandboxing, to date there was little evidence that it has helped defend against attacks. Flash and Adobe Reader and Acrobat remain the foremost targeted software by attackers. Uhley said Flash Player protected mode forces it to run as “a low integrity, highly restricted process that must communicate through a broker to restrict its privileged activities.” Adobe engineers worked closely with Firefox developers to create the brand new sandbox mode.

Engineers also worked closely with Google to develop a sandbox version of Flash Player for the Chrome Browser. That version of Flash Player is supported for users of Windows XP.

Adobe began rolling out “protected mode” for Adobe Reader and Flash Player in 2010. Adobe Reader X was created based on an increased focus by attackers in targeting zero-day flaws within the software. While sandboxing technology won't stop all attacks, it does provide a different layer of defense and makes attacks harder to pull off. Last year, researcher Billy Rios demonstrated how to bypass Flash Player sandboxing.

The company have been increasing the safety layers in its software. Protected View was launched last year and is enabled by default when a user opens up an untrusted file in Adobe Reader X.


Dig Deeper
  • Folks that read this also read...


Pubblicato da alle 16:07

Nessun commento:

Posta un commento

Comments links could be nofollow free

Iscriviti a: Commenti sul post (Atom)