Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Adobe confirms Flash Player is sandboxed in Safari for OS X Mavericks

Last updated

After years of fighting malware and exploits facilitated through Adobe's Flash Player, the company is taking advantage of Apple's new App Sandbox feature to restrict malicious code from running outside of Safari in OS X Mavericks.

As outlined in a post to Adobe Secure Software Engineering Team (ASSET) blog, the App Sandbox feature in Mavericks lets Adobe limit the plugin's capabilities to read and write files, as well as what assets Flash Player can access.

Adobe platform security specialist Peleus Uhley explained that in Mavericks, Flash Player calls on a plugin file — specifically com.macromedia.Flash Player.plugin.sb — used to define security permissions defined by an OS X App Sandbox. The player's capabilities are then restricted to only those operations that are required to operate normally.

In addition, Flash Player can no longer access local connections to device resources and inter-process communications (IPC) channels. Network privileges are also limited to within OS X App Sandbox parameters, preventing Flash-based malware from communicating with outside servers.

Uhley noted that the company has effectively deployed some method of sandboxing with Google's Chrome, Microsoft's Explorer and Mozilla's Firefox browsers. Apple will now be added to that list as long as users are running Safari in Mavericks.

"Safari users on OS X Mavericks can view Flash Player content while benefiting from these added security protections," Uhley said. "We'd like to thank the Apple security team for working with us to deliver this solution."



38 Comments

ascii 19 Years · 5930 comments

I don't know why more companies aren't happy about App Sandbox. Not only does it stop web facing software possibly being exploited, but can also save a company from ruining their reputation or facing legal action. What if your ordinary (non web facing) app has a bug and accidentally deletes the user's home folder? Your company could be sued by that user and/or get lots of bad press, but App Sandbox would have stopped it from doing it.

chandra69 13 Years · 634 comments

Quote:
Originally Posted by ascii 

I don't know why more companies aren't happy about App Sandbox. Not only does it stop web facing software possibly being exploited, but can also save a company from ruining their reputation or facing legal action.

What if your ordinary (non web facing) app has a bug and accidentally deletes the user's home folder? Your company could be sued by that user and/or get lots of bad press, but App Sandbox would have stopped it from doing it.

I Accept the Terms and Conditions covers all that sh!t

retiarius 23 Years · 141 comments

Does this mean Java is next ?!    Oh goody if so !?

retiarius 23 Years · 141 comments

I really dig this setup -- Apple the 64-bit Superman or Ninja Warrior

fending off all attacks, alongside the 8-bit Nintendo or Atari

cartoonish pencil-neck geek wimps bowing to the superior force.