Skip to main content
  1. Home
  2. Computing
  3. News

Adobe and Google join forces to strengthen Flash defenses against hacks

Gabe Carey
By

new defenses make flash more difficult to hack shutterstock 189107936
Image used with permission by copyright holder
A series of cyber attacks targeting Adobe’s Flash Player has led to a strengthening of the company’s defenses, according to Ars Technica. With such an immense user base, Flash has become an obvious target, and a susceptible one, for hackers seeking to inconvenience the largest audience possible.

As a result, a vast assortment of software engineers at Adobe and Google have scurried to shore up the vulnerabilities in Google’s Chrome browser, by far the most popular in terms of global market share. These changes, detailed in a blog post on Thursday, are said to have structurally modified the way Flash interacts with the operating systems installed on many PCs, thereby diminishing the likelihood of attacks.

Recommended Videos

Two major alterations have been added to Flash, one of which is not exclusive to Google Chrome and the other of which is exclusive, but will be added to other browsers come August.

Related

The Chrome-only mitigation consists of a new partition added to the heap, a rather sizable collection of computer memory designed to isolate different objects from one another. As a result, one object in the memory pool cannot be exploited by hackers in order to meddle with others.

If heap partitioning had been included in Flash before the exploits were deployed, they would have been much more difficult to carry out. To be specific, the exploits performed by the attackers were accomplished by modifying the “Vector.” object after clearing some of the heap that it inhabited.

As a result, the attackers were able to infect computer memory, installing malware on the corresponding computer. A diagram below from Google Project Zero team members Mark Brand and Chris Evans illustrates how the breaches were executed.

Thanks to the new design embedded below, a portion of unmapped space, referred to as “no man’s land,” is positioned between the Flash heap and System heap, making exploitation clearly more difficult.

To take full advantage of Google’s new security measure, make sure that you’re using the 64-bit version of Google Chrome if you’re on a 64-bit computer since the number of memory addresses in the 32-bit version pales in comparison. To check what version of Chrome you’re running, enter chrome://chrome in your address bar. Unless you see the string “64-bit” in the resulting window, you’re on the 32-bit version of Google Chrome and you may want to resolve this by switching to 64-bit to avoid security threats.

A second security effort, presented by Adobe, ensures that the attacker cites a validation secret prior to revising Vector objects. This preventive measure aims to protect users of 32-bit browsers and serves as a superlative demonstration of what researchers refer to as “defense in depth.” Adhering to this ideology, the Project Zero team is currently taking further action to ensure optimal protection against hackers. This includes browser sandboxes and compiler-based mitigations.

Editors' Recommendations

Topics
Gabe Carey
Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
Save $650 on this Lenovo gaming PC with an RTX 4080 Super
Lenovo Legion Tower 7i gaming PC sitting on a table.

As part of Lenovo’s clearance sale, it has one of the most appealing gaming PC deals around today. It’s currently selling the Lenovo Legion Tower 7i for $2,600 instead of $3,250. That means a considerable saving of $650 on a gaming rig that will last you a long time to come. It’s full of the greatest and latest hardware so all you need to do is hook it up to one of the best gaming monitors. All sound appealing? Here’s what else you need to know.

Why you should buy the Lenovo Legion Tower 7i
Sure to be one of the best gaming PCs for most needs, the Lenovo Legion Tower 7i is a delight. It has a sleek yet stylish design which will easily fit under your desk or even on top of it. A 14th-generation Intel Core i9-14900KF processor powers proceedings while there’s 32GB of memory which increasingly feels like the minimum you want from a reliable gaming rig.

Read more
You can still buy the M1 MacBook Air, and it’s cheaper than ever
Apple MacBook Air M1 open, on a table.

Apple deals are rarely particularly cheap but Walmart is continuing to sell the Apple MacBook Air M1 with 13.3-inch screen for just $699. The lowest price ever, it’s the perfect entry point for anyone considering checking out macOS. It feels like stock must be starting to run low here so if you don’t want to miss out on one of the better laptop deals around, hit the buy button now before you miss out. Otherwise, here’s what the MacBook Air M1 has to offer.

Why you should buy the MacBook Air M1
The MacBook Air M1 isn’t considered one of the best laptops any more but just because its processor is a few years old doesn’t mean you should ignore it. MacBooks are typically built to last with support for macOS continuing for a number of years. With the MacBook Air M1, you get the M1 chip with an 8-core CPU which is sure to outperform Intel chips of the same era. The leap between Intel-based MacBooks to Apple silicon was pretty huge which is why the M1 chip remains highly potent.

Read more
Apple already has its next big chip, but you may never see it
Apple Mac Studio top down view showing PC and keyboard.

Apple’s M3 series of chips has been a major improvement over what came before it, with users feeling the benefits across the Mac range. The only chip missing from the lineup is the M3 Ultra, which is reserved for Apple’s high-end Mac Studio and Mac Pro devices.

We’ve been hearing that Apple is thinking of shifting to an annual release cycle for its Mac chips, and with the M2 Ultra having made its debut in June 2023, everyone has been gearing up to see the M3 edition launching this summer.

Read more