Adobe Flash Stays Afloat with Google’s Help to Make Vulnerabilities Harder to Exploit

Posted on July 20, 2015 by .

Share and Enjoy:
Follow Me on Pinterest More More

Adobe Flash Player has undoubtedly had a bullseye target on it from hackers and cybercrooks for nearly as long as it has been in existence. The many vulnerabilities that have plagued Adobe Flash over the years has been the brunt to many cyber-attacks and malicious targets for computers around the world. To keep the multimedia platform afloat, Adobe sought assistance form Google to help make the vulnerabilities harder to exploit.

Additional protections have been added to Adobe Flash over the last couple of updates essentially making entire classes of security flaws more difficult to exploit in the future. The low-level defenses added to Flash Player 18.0.0.209 have the ability to block a technique that was used in Flash exploits since 2013.

The methods to block the malicious techniques will eliminate the ability for corruption of the length of an ActionScript Vector buffer object placing malicious code at a predictable location in memory when executed. Flash applications are written in ActionScript so this method would essentially be a proactive measure instead of reactive.

Used by two Flash Player exploits found among the files leaked in an Italian surveillance software maker team known as Hacking Team, the method was successfully used. Google’s security engineers have contributed a mitigation of the issues that Adobe has been faced with in their latest Flash Player. The process, called “heap partitioning,” is a process that isolates different objects from one another in the heap. The heap is where the computer’s memory stores program variables. The isolation would limit corruption and prove to be an effective defense mechanism, much more powerful for the 64-bit version of Flash Player.

The new method of manipulating the ActionScript Vector buffer object has been used by Google researchers with success. Though, experts expect that attackers will eventually work to find ways around the defenses. For now, the added protection is there and demonstrates a valiant effort on the part of Adobe and Google to help thwart attacks that eventually turn into massive vulnerabilities that must be patched at a later date. In such circumstances, a vulnerability found in Adobe Flash will be out in the wild for up to weeks at a time allowing hackers to initiate attacks on vulnerable computers.

Even though Adobe Flash and its use is nearly like playing a cat and mouse game, definitive security protections added like this are one step in the right direction – for all of us – no matter our use of Adobe Flash.

Popularity: 3%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word