Adobe Flash Player now sandboxed on OS X Safari

When run on OS X 10.9 Mavericks, Adobe Flash Player will run in a sandbox, with limited capacity for mischief if compromised.

Having released protected versions of Flash Player for Google Chrome, Microsoft Internet Explorer and Mozilla Firefox, Adobe has announced that Flash Player will be sandboxed on Apple Safari when run on OS X 10.9 Mavericks.

Specifically, Adobe has created a sandbox profile for the Flash plugin and included it in the Webkit project. Webkit is the browser engine used in Safari.

The sandbox profile tells Safari/Webkit to limit the ability of the plugin to read or write files to only the specified items. The goal of a sandbox such as this is to limit the damage that an attacker can do if he takes control of Flash through a vulnerability. The sandbox should prevent attackers from attacking other programs or creating a persistent infection.

Adobe has also sandboxed the major versions of their Reader program and Acrobat. These programs used to be leading targets for malicious attack on the web, but years of security work on them have induced attackers to look elsewhere.