Software maker Adobe has announced on its blog (via ZDNet) that its Flash Player software is now sandboxed for the version of Safari found in OS X Mavericks, preventing malware targeting Flash from accessing sensitive data and system resources beyond Apple's browser. As described by Apple, sandboxing "provides a last line of defense against the theft, corruption, or deletion of user data" if a malicious attempt is made at exploiting an app.
For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.
Flash is a common target for malware and a number of such attacks have affected Mac users, including a trojan named Flashback that began as a fake Flash Player installer before returning with a multi-pronged infection strategy as it infected over 600,000 Macs worldwide. This past February, Adobe also released a Flash Player update to address a pair of security vulnerabilties as Apple updated its Xprotect anti-malware system to enforce new minimum version requirements, blocking all previous versions of Flash Player.
OS X Mavericks is available as a free, one-step update for all Mac users running OS X Snow Leopard and above, available on the Mac App Store. [Direct Link]
Top Rated Comments
Respectfully, the minute people stop believing that, it will go away. I only say that because I haven't had Flash installed for several years now, and this is my daily use system.
I get there may be some corner cases... Yes I know people need to do there job and corporate (or powers that be) haven't migrated yet. I'm stuck in that situation with Java right now. As soon as my employer migrates away from Java (should be Q1 2014) my hassle free days of using the inter webs will begin.
I'm just sayin'...
Xvideos.com uses flash. That means that unfortunately, Flash is staying on my system for the near future.
Because it only has a 32bit boot ROM and thus cannot work a 64bit system. The ROM is also too small for the 64bit version to be installed.