Adobe Flash Player Now Sandboxed in Safari on OS X Mavericks

Software maker Adobe has announced on its blog (via ZDNet) that its Flash Player software is now sandboxed for the version of Safari found in OS X Mavericks, preventing malware targeting Flash from accessing sensitive data and system resources beyond Apple's browser. As described by Apple, sandboxing "provides a last line of defense against the theft, corruption, or deletion of user data" if a malicious attempt is made at exploiting an app.

For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.

Flash is a common target for malware and a number of such attacks have affected Mac users, including a trojan named Flashback that began as a fake Flash Player installer before returning with a multi-pronged infection strategy as it infected over 600,000 Macs worldwide. This past February, Adobe also released a Flash Player update to address a pair of security vulnerabilties as Apple updated its Xprotect anti-malware system to enforce new minimum version requirements, blocking all previous versions of Flash Player.

OS X Mavericks is available as a free, one-step update for all Mac users running OS X Snow Leopard and above, available on the Mac App Store. [Direct Link]