Adobe, which has spent the last few years trying to dig out of a deep hole of vulnerabilities and buggy code, is making a major change to Flash, adding a sandbox to the version of the player that runs in Firefox. The sandbox is designed to prevent many common exploit techniques against Flash.
The move by Adobe comes roughly a year after the company added a sandbox to Flash for Google Chrome. Flash, which is perhaps the most widely deployed piece of software on the Internet, has been a common attack vector for several years now, and the attacks in some cases have been used to get around exploit mitigations added by the browser vendors. The sandbox is designed to prevent many of these attacks by not allowing exploits against Flash to break out into the browser itself.
The version of Flash for Firefox that includes a sandbox is now in beta form, and is only available to developers and not end users. The final version should be available for users later this year, Adobe said.
“The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach. Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities. The sandboxed process is restricted with the same job limits and privilege restrictions as the Adobe Reader Protected Mode implementation. Adobe Flash Player Protected Mode for Firefox 4.0 or later will be supported on both Windows Vista and Windows 7,” Adobe’s Peleus Uhley said.
Adobe officials have said that the introduction of the sandbox in Adobe Reader X, known as Protected Mode, was one of the more important security advances for protecting the company’s users. Uhley said that in the more than 14 months since Reader X was released, the company has not seen a single successful public exploit against the application, a major change from previous versions of Reader, which were common attack targets.
In a speech at the Kaspersky Lab-Threatpost Security Analyst Summit in Cancun last week, Brad Arkin, the senior director of product security and privacy, said that rather than trying to eliminate every possible security bug, Adobe was more interested in making it difficult for attackers to exploit such flaws.
“[Writing a completely secure application] is completely infeasible for the size programs we’re talking about. We’re trying to figure out what sort of mitigations we can put in place that drive up the cost of these exploits,” Arkin said. “My goal isn’t to find and fix every security bug. It’s to drive up the cost of writing exploits. We invest a lot of time in building up mitigations that increase the cost and complexity of writing exploits that will become reliable.”
One of the methods for accomplishing that is including a sandbox, which can prevent attackers from using a Flash bug to compromise a user’s browser.