[+] Wayc0de's Blog[+]

23/09/11

Adobe adding security, privacy goodies to Flash Player 11

Summary: Adobe’s new Flash Player 11 will include support for 64-bit exploit migitation and support for SSL socket connections.


Battling to cope with the hacker bullseye on its back, Adobe plans to add new security and privacy features to the next iteration of its ubiquitous Flash Player, including  support for SSL socket connections and the introduction of 64-bit ASLR (Address Space Layout Randomization).

Adobe said the new Flash Player 11, expected in early October, will include the SSL socket connection support to make it easier for developers to protect the data they stream over the Flash Player raw socket connections.

Adobe to rush out Flash Player patch to thwart zero-day attacks ]

Flash Player 11 will also include a secure random number generator.

Adobe’s Platform Security Strategist Peleus Uhley explains:
Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didn’t meet the complete cryptographic standards for random number generation. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, for generating the random number. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.

Adobe admits to 80 'code changes' in Flash Player patch ]

The company is also adding 64-bit support in Flash Player 11, a move that Uhley says will bring some security side-benefits.

If you are using a 64-bit browser that supports address space layout randomization (ASLR) in conjunction with the 64-bit version of Flash Player, you will be protected by 64-bit ASLR. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR.

On the privacy side, Adobe is adding a private browsing mode to allow users to stay incognito while viewing Flash files.   A mobile control panel is also being added to Android devices to easier for users to manage their Flash Player privacy settings on their Android devices.

Tidak ada komentar:

Posting Komentar