Adobe is working on a new version of the Flash player software that will include some upgraded security features, most notably a sandbox for Flash running on Firefox. The beta version of Flash that includes the sandbox for Firefox is available for users now.
Flash on Google Chrome has been sandboxed for quite a while now, and the inclusion of a sandbox for Flash on Firefox brings the upgraded protection to a broader range of users. The sandbox is designed to prevent attacks on Flash vulnerabilities from enabling attackers to move on to other applications or the operating system. Adobe has included the new protected-mode Flash in the beta version of Flash 11.3.
“Flash Player Protected Mode is a new security enhancement designed to limit the impact of attacks launched from malicious SWF files against Adobe Flash Player when running in Firefox 4.0+ on Windows Vista and higher,” Adobe said.
Adobe officials announced in February that they were working on a protected mode for Flash on Firefox and said that it is meant to provide the same kind of protection for users as the Protected Mode in Adobe Reader X does. The company has credited the addition of that feature with helping to stem the tide of attacks against Reader, which had been a major target for attackers for a long time.
“Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7,”Adobe’s Peleus Uhley said in a blog post in February.
Adobe also will be including a background updater mechanism for Flash on Mac when the final release of the new version is available later this year.