With the latest Mac OS X comes Safari 7.0, and today Adobe announced that Flash Player software is now sandboxed for this version (via ZDNET). This will protect users running Mavericks and using the Safari Web browser from malware targeting Flash vulnerabilities to extract sensitive data and system resources.
A non-sandboxed app has the full rights of the user who is running that application, and can access any resources that the user can access. The App Sandbox, as Apple explains, provides a last line of defense against the theft, corruption, or deletion of user data if an attacker successfully exploits security holes in your application or the framework it is linked with.
For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.
Safari users on OS X Mavericks can view Flash Player content while benefiting from these added security protections. We’d like to thank the Apple security team for working with us to deliver this solution, the Adobe blog post reads.
You may recall that Flash vulnerabilities have been exploited by malware developers targeting Mac users recently. There even was a Trojan named Flashback that acted as a Flash Player installer, which in the end infected more than 600,000 Mac computers worldwide.
Mavericks is available as a free upgrade in the Mac App Store for Mac users running Snow Leopard or later.