Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Adobe adding security, privacy goodies to Flash Player 11

By Ryan Naraine | September 22, 2011, 12:00pm PDT

Summary: Adobe’s new Flash Player 11 will include support for 64-bit exploit mitigation and support for SSL socket connections.

Battling to cope with the hacker bullseye on its back, Adobe plans to add new security and privacy features to the next iteration of its ubiquitous Flash Player, including support for SSL socket connections and the introduction of 64-bit ASLR (Address Space Layout Randomization).

Adobe said the new Flash Player 11, expected in early October, will include the SSL socket connection support to make it easier for developers to protect the data they stream over the Flash Player raw socket connections.

[ Adobe to rush out Flash Player patch to thwart zero-day attacks ]

Flash Player 11 will also include a secure random number generator.

Adobe’s Platform Security Strategist Peleus Uhley explains:

Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didn’t meet the complete cryptographic standards for random number generation. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, for generating the random number. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.

[ Adobe admits to 80 'code changes' in Flash Player patch ]

The company is also adding 64-bit support in Flash Player 11, a move that Uhley says will bring some security side-benefits.

If you are using a 64-bit browser that supports address space layout randomization (ASLR) in conjunction with the 64-bit version of Flash Player, you will be protected by 64-bit ASLR. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR.

On the privacy side, Adobe is adding a private browsing mode to allow users to stay incognito while viewing Flash files. A mobile control panel is also being added to Android devices to easier for users to manage their Flash Player privacy settings on their Android devices.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

DIY botnet kit spotted in the wild

Researchers find Mac OS X malware posing as PDF file

Topics

Security, Adobe Systems Inc., Macromedia Flash Player, Mobile Control Panel, 64-Bit, Network Technology, Processors, Semiconductors, Hardware, Components, Networking, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Full Bio
Disclosure
Contact

Vendor HotSpot

The 360° Conversation around Cloud Computing

TECH VISUALIZER brings the social conversation to life... powered by Brocade

Learn More »

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

Ask a Question Start a Discussion

Comments

Add Your Opinion

Join the conversation!

Follow via:: RSS; Email Alert

Just In

RE: Adobe adding security, privacy goodies to Flash Player 11

ronatkcrw 22nd Sep

@Vesicant
You made our whole IT department laugh.

View in thread

Please Select
Please Select

0 Votes

+ -

The biggest thing that they need to do is drop support for Flash 8-

Lerianis10 22nd Sep

That would take care of most of the exploits in Flash Player, simply by only keeping Flash 9 and up apps compatible.

Reply
Flag

0 Votes

+ -

Spelling error

hairy__beanbag@... 22nd Sep

quote: "Summary: Adobe???s new Flash Player 11 will include support for 64-bit exploit migitation and support for SSL socket connections."
"migitation" should this be mitigation