Bidvert-advert

Stay Update - ICT Security

Enter your email address:

We hate spam as much as you do and we will never sell, barter, or rent your email address to any unauthorized third party.

Most Frequently Used Software


CURL / XPertMailer / AutoBlogger / (Parser - PHP Simple HTML DOM)

giovedì 16 febbraio 2012

Adobe issues support for Flash Player sandboxing in Firefox

Adobe Systems Inc. has launched a brand new protected mode for its highly ubiquitous Flash Player that could thwart attackers from targeting flaws within the browser component in Mozilla Firefox.

Sandboxing technology has proven very effective in protecting users by increasing the price and complexity of authoring effective exploit.

Peleus Uhley, platform security strategist, Adobe Systems Inc.

A beta version of Flash Player sandbox for the Firefox browser was released this week. The protected mode is currently available for users of Google Chrome. It's designed to isolate Flash Player from sensitive processes, making it tougher for attackers to focus on Flash vulnerabilities, using Flash Player as a stepping stone to realize access to critical processes or data.

Adobe Flash Player Protected Mode for Firefox 4.0 or later might be supported on both Windows Vista and Windows 7.

“Sandboxing technology has proven very effective in protecting users by increasing the price and complexity of authoring effective exploits,” wrote Peleus Uhley, platform security strategist at Adobe. “For Flash Player, here's the subsequent evolutionary step in protecting our customers.”

While Adobe touts the advantages of sandboxing, thus far there was little evidence that it has helped defend against attacks. Flash and Adobe Reader and Acrobat remain probably the most targeted software by attackers. Uhley said Flash Player protected mode forces it to run as “a low integrity, highly restricted process that must communicate through a broker to restrict its privileged activities.” Adobe engineers worked closely with Firefox developers to create the hot sandbox mode.

Engineers also worked closely with Google to develop a sandbox version of Flash Player for the Chrome Browser. That version of Flash Player is supported for users of Windows XP.

Adobe began rolling out “protected mode” for Adobe Reader and Flash Player in 2010. Adobe Reader X was created according to an increased focus by attackers in targeting zero-day flaws within the software. While sandboxing technology won't stop all attacks, it does provide yet another layer of defense and makes attacks more challenging to pull off. Last year, researcher Billy Rios demonstrated the way to bypass Flash Player sandboxing.

The company have been increasing the protection layers in its software. Protected View was launched last year and is enabled by default when a user opens up an untrusted file in Adobe Reader X.


Dig Deeper
  • Individuals who read this also read...


Pubblicato da alle 09:02

Nessun commento:

Posta un commento

Comments links could be nofollow free

Iscriviti a: Commenti sul post (Atom)