A couple of days ago, I posted a note here about the new versions of Adobe’s Flash Player, which had just been released. In addition to the security fix contained in the new releases, there was some significant added functionality for Windows and Mac OS X users in version 11.3.300.257. (These changes are described in more detail in a blog post by Adobe’s Secure Software Engineering Team [ASSET].)
For Windows users who use the Firefox browser, the Flash plugin will now run in a “sandbox” by default; that is, it will run in a child process with a restricted environment and limited write permission. The technology, which has been used to run Adobe’s Reader X in protected mode, makes it more difficult for an attacker to “hijack” the plugin to compromise other areas of the system. Another blog post by the ASSET group gives a detailed technical explanation of how the sandbox is implemented. This is a positive step that should make successful exploits more difficult to achieve.
The other changes affect Flash Player for Mac OS X, which now includes a background software update capability. If this is enabled, the software will check for and install updated versions automatically. According to the ASSET blog:
“If the user chooses to accept background updates, then the Mac Launch Daemon will launch the background updater every hour to check for updates until it receives a response from the Adobe server. If the server responds that no update is available, the system will begin checking again 24 hours later. If a background update is available, the background updater can download and install the update without interrupting the end-user’s session with a prompt.”
Moving to an automated update process is very much the trend in software; Google’s Chrome browser, for example, has had this capability for some time, and Windows, of course, can also install updates automatically. While I have some personal reservations about this approach — I don’t like the idea of the system silently changing underneath me, as it were — I can see the logic from the vendor’s point of view. Most users, left to their own devices as they were for so long, do a terrible job of keeping their systems up to date. Having the updates installed automagically will undoubtedly improve security for the typical user.
Finally, beginning with the new release for Mac OS X, Adobe is cryptographically signing Mac versions of the Flash Player with an Apple Developer ID Certificate. Mac OS X 10.8 (Mountain Lion) introduces a new facility called Gatekeeper, which can be set to reject any unsigned software updates. As we have seen previously, this type of mechanism is not without its own problems, but it is another step toward security “defense in depth”.
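As an added example (not from the ASSET posts, Adobe or Apple), the following shell script shows one way to confirm that a bundle carries a Developer ID signature of the kind described above and to ask Gatekeeper for its verdict. The bundle path argument is an assumption, and the sample text, including the vendor name and team identifier, is constructed.

```shell
#!/bin/sh
# Added example: classify a signature from `codesign -dvv` output, then ask
# Gatekeeper for its verdict. The parser runs anywhere; the tools are macOS only.

# Reads `codesign -dvv` output on stdin and prints one of:
#   developer-id  leaf certificate is a Developer ID certificate
#   other-signed  signed with some other kind of certificate
#   adhoc         ad-hoc signature with no certificate chain
#   unsigned      no signature information found
# Only the first Authority= line (the leaf certificate) decides the result.
classify_signature() {
    awk '
        /^Authority=/ && !seen { seen = 1; leaf = substr($0, 11) }
        /^Signature=adhoc/     { adhoc = 1 }
        END {
            if (leaf ~ /^Developer ID (Application|Installer): /) print "developer-id"
            else if (seen)  print "other-signed"
            else if (adhoc) print "adhoc"
            else            print "unsigned"
        }'
}

# Constructed sample of the lines codesign reports for a Developer ID signed
# bundle; the identifier, vendor name and team ID are placeholders.
sample_developer_id() {
    cat <<'EOF'
Identifier=com.example.installer
Format=bundle with Mach-O universal (i386 x86_64)
Authority=Developer ID Application: Example Vendor (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
EOF
}

# Checks a real bundle (path passed as the first argument, an assumption of
# this example). codesign writes its -d report to stderr, hence 2>&1.
check_bundle() {
    bundle=$1
    codesign --verify "$bundle" || { echo "signature invalid" >&2; return 1; }
    class=$(codesign -dvv "$bundle" 2>&1 | classify_signature)
    echo "signature class: $class"
    [ "$class" = "developer-id" ] || return 1
    spctl --assess --type execute "$bundle"   # exit status is Gatekeeper's verdict
}

if [ $# -gt 0 ]; then check_bundle "$1"; fi
```

A bundle whose leaf certificate is anything other than a Developer ID certificate is reported as `other-signed`, even when a Developer ID intermediate appears further down the chain.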
Update Monday, 11 June, 16:08 EDT
Ars Technica has an article describing the new features, and giving a bit more background.