Adobe Flash Player 11 Promises Security Improvements

Flash Player upgrade will add SSL and better crypto features, while Android version gets the ability to nuke Flash cookies.

Slideshow: Adobe CS 5.5: Evaluating Bundle, Feature Upgrades (click image for larger view and for slideshow)
Adobe announced this week that its putting the finishing touches on a new version of Flash Player that will provide new security and privacy enhancements on both the desktop and mobile versions of its application.
Notably, Flash Player 11--set to debut in early October--adds desktop support for SSL socket connections, as well as a secure, random number generator, both of which should help developers to better secure users information. Flash Player previously provided a basic, random number generator through Math.random. This was good enough for games and other lighter-weight use cases, but it didnt meet the complete cryptographic standards for random number generation, said Adobes Lindsey Wegrzyn, senior product manager for privacy, and Peleus Uhley, a platform security strategist, in a
blog post
.
Instead, Flash Player 11 will include a random number generator API that hooks into the cryptographic functionality built into the underlying operating system. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts, said Wegrzyn and Uhley.
For the first time, Flash Player 11 adds 64-bit operating system support. One upside of this will be more effective
address space layout randomization
(ASLR) for Linux, Mac OS, and Windows browsers that support ASLR in 64-bit mode. Traditional 32-bit ASLR only has a small number of bits available in the memory address for randomizing locations. Memory addresses based on 64-bit registers have a wider range of free bits for randomization, increasing the effectiveness of ASLR, said Wegrzyn and Uhley.
[ What is the future of Flash?
Adobe Insists Flash Will Survive HTML 5
]
The Android version of Flash Player 11, meanwhile, will also sport a number of security enhancements, some of them previously introduced for desktops as of
Flash Player 10.3
in May. Notably, mobile device users will gain the ability to clear local shared objects--aka
Flash cookies
--from their browser. Other improvements include a device-native control panel for controlling Flash Player settings, as well as support for
private browsing
, aka incognito mode, although this feature will only work on Android Honeycomb (version 3.x).
Beyond these security and privacy enhancements, Adobe said Flash Player 11, as well as
AIR 3
--the new version of Adobes cross-platform, Web application runtime environment, also set to be released next month--will offer high-definition video and three-dimensional rendering. Adobe said the new, underlying rendering engine, called Stage 3D (which runs on desktops and laptops, but not smartphones or tablets), renders 1,000 times more quickly than the engine built into Flash Player 10. As a result, Adobe is touting Flash Player 11 as a way to offer console-quality games to users, and said the technology will also support high-quality HD videoconferencing.
With AIR 3, Adobe is also adding support for three new platforms: iOS (including the iPhone and iPad), Android, and Adobe AIR for TV. In addition, AIR developers will be able to build their own, native extensions for AIR applications, which Adobe said may improve performance. Developers can also use these extensions to access native operating system and hardware features, such as sensors (gyroscopes, magnetometers, light sensors, etc.), multiple screens, native in-app payments, haptic/vibration control, device status, and Near Field Communications, said Adobe.
Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02.
Find out more and register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Adobe Flash Player 11 Promises Security Improvements