Better late than never: you can now use the app sandboxing support in Safari for OS X Mavericks to wall off Adobe’s Flash Player. Adobe “security strategist” Peleus Uhley confirmed as much in an update on the company’s software security engineering team blog.
The move is to both Apple and Adobe’s credit, but it is late in coming. As Adobe notes, it has been working with Google, Microsoft and Mozilla for years to build sandboxing for Flash into Chrome, Internet Explorer and Firefox, which makes Safari the last of the major browsers to join the dance. Adobe says it has been working with Apple for an unspecified period, and that the result of that work ships in Safari for OS X Mavericks. “Flash Player will now be protected by an OS X App Sandbox,” writes Uhley.
What’s an “app sandbox” and why should you care? Apple has a handy guide here, but in brief, a sandbox is like a micro-firewall around each app: instead of filtering at the network level, it enforces a policy at the level of individual operations such as opening a file, connecting to a socket or talking to another process. Without sandboxing, an app runs with the same rights as the user who launched it. If that app has a security hole and someone exploits it, the attacker (or the attacker’s “malicious code”) inherits the ability to do anything you can.
Sandboxing an app restricts it to the operations its policy explicitly grants, which in practice means the operations it needs to do its job. That is not a blanket guarantee of security, of course, since what an app legitimately needs can still involve access to critical or sensitive resources, but sandboxing stops the app, or someone exploiting it, from poking around anywhere it has no business being. Think of it as putting the operating system’s resources behind doors with keycard access, then handing out keycards only to apps that warrant them.
For Flash Player, Uhley says the plugin will now be limited to reading and writing files only in the locations it needs:
For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.
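To make the quoted description concrete, here is a small sandbox profile written in the same Scheme-like profile language (SBPL) that .sb files like the one Uhley mentions use. It is an added illustration, not Adobe’s actual com.macromedia.Flash Player.plugin.sb and not code from Apple; every path, Mach service name, port and the HOME_DIR parameter are assumptions chosen to show the three controls he lists (file access, IPC and networking) layered on a default-deny base.

```scheme
;; Illustrative plugin-style sandbox profile (SBPL). Added example only: NOT Adobe's
;; Flash Player profile. Paths, service names and the HOME_DIR parameter are assumptions.
(version 1)

;; Default-deny: any operation not allowed below is refused. (debug deny) makes the
;; kernel log each refusal, which is how you find out what a plugin really needs.
(deny default)
(debug deny)

;; Helper: a subpath under the sandboxed user's home directory, passed in as a
;; parameter at launch time so the profile itself contains no hard-coded user path.
(define (home-subpath rel)
    (subpath (string-append (param "HOME_DIR") rel)))

;; --- Files ---------------------------------------------------------------------
;; Read-only access to the system frameworks and the plugin bundle itself.
(allow file-read-metadata)                       ; stat() on paths; harmless and widely needed
(allow file-read*
    (subpath "/System/Library/Frameworks")
    (subpath "/System/Library/PrivateFrameworks")
    (subpath "/Library/Internet Plug-Ins")
    (subpath "/usr/share"))
;; Read/write only in the plugin's own settings directory (assumed location).
(allow file-read* file-write*
    (home-subpath "/Library/Preferences/Macromedia"))
;; Later rules take precedence over earlier ones, so these explicit denies win even
;; if a broader allow is added above them later on.
(deny file-read* file-write*
    (home-subpath "/.ssh")
    (home-subpath "/Library/Keychains"))

;; --- IPC -----------------------------------------------------------------------
;; Only the Mach services the plugin host genuinely needs (names are assumptions);
;; every other mach-lookup is refused by (deny default).
(allow mach-lookup
    (global-name "com.apple.CoreServices.coreservicesd")
    (global-name "com.apple.FontServer")
    (global-name "com.apple.system.logger"))
(allow sysctl-read)                              ; read-only kernel parameters (hw.ncpu etc.)
(allow signal (target self))                     ; may signal itself, not other processes

;; --- Network -------------------------------------------------------------------
;; Outbound HTTP/HTTPS only. Name resolution on OS X goes through the mDNSResponder
;; unix socket, so that path must be allowed or every hostname lookup fails.
(allow network-outbound
    (literal "/private/var/run/mDNSResponder")
    (remote tcp "*:80")
    (remote tcp "*:443"))
;; No listening sockets and no binding; both are already refused by (deny default),
;; spelled out here so a reader sees the intent.
(deny network-bind)
(deny network-inbound)
```

To try a profile like this outside Safari, save it as flash-like.sb and launch a binary under it with `sandbox-exec -f flash-like.sb -D HOME_DIR="$HOME" /path/to/program` (sandbox-exec is deprecated but still present on OS X). With `(debug deny)` in place, each refused operation shows up in the system log, so the practical workflow is to start from default-deny, run the program through its normal functions, and add only the allows the log shows are necessary.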