Skip to main content

Adobe and Google join forces to strengthen Flash defenses against hacks

A series of cyber attacks targeting Adobe’s Flash Player has led to a strengthening of the company’s defenses, according to Ars Technica. With such an immense user base, Flash has become an obvious target, and a susceptible one, for hackers seeking to inconvenience the largest audience possible.

As a result, a vast assortment of software engineers at Adobe and Google have scurried to shore up the vulnerabilities in Google’s Chrome browser, by far the most popular in terms of global market share. These changes, detailed in a blog post on Thursday, are said to have structurally modified the way Flash interacts with the operating systems installed on many PCs, thereby diminishing the likelihood of attacks.

Recommended Videos

Two major alterations have been added to Flash, one of which is not exclusive to Google Chrome and the other of which is exclusive, but will be added to other browsers come August.

The Chrome-only mitigation consists of a new partition added to the heap, a rather sizable collection of computer memory designed to isolate different objects from one another. As a result, one object in the memory pool cannot be exploited by hackers in order to meddle with others.

If heap partitioning had been included in Flash before the exploits were deployed, they would have been much more difficult to carry out. To be specific, the exploits performed by the attackers were accomplished by modifying the “Vector.” object after clearing some of the heap that it inhabited.

As a result, the attackers were able to infect computer memory, installing malware on the corresponding computer. A diagram below from Google Project Zero team members Mark Brand and Chris Evans illustrates how the breaches were executed.

Thanks to the new design embedded below, a portion of unmapped space, referred to as “no man’s land,” is positioned between the Flash heap and System heap, making exploitation clearly more difficult.

To take full advantage of Google’s new security measure, make sure that you’re using the 64-bit version of Google Chrome if you’re on a 64-bit computer since the number of memory addresses in the 32-bit version pales in comparison. To check what version of Chrome you’re running, enter chrome://chrome in your address bar. Unless you see the string “64-bit” in the resulting window, you’re on the 32-bit version of Google Chrome and you may want to resolve this by switching to 64-bit to avoid security threats.

A second security effort, presented by Adobe, ensures that the attacker cites a validation secret prior to revising Vector objects. This preventive measure aims to protect users of 32-bit browsers and serves as a superlative demonstration of what researchers refer to as “defense in depth.” Adhering to this ideology, the Project Zero team is currently taking further action to ensure optimal protection against hackers. This includes browser sandboxes and compiler-based mitigations.

Gabe Carey
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more
This Lenovo ThinkPad laptop is over $1,400 off — hurry while stocks last!
The Lenovo ThinkPad T14 Gen 5 Intel laptop on a white background.

Now's an excellent time to take advantage of laptop deals from Lenovo, which has slashed the prices of a wide range of devices for its Black Friday in July sale. Lenovo's ThinkPad laptops are up to 45% off, and here's one of the most interesting offers available with such a discount — the Lenovo ThinkPad T14 Gen 5 at $1,440 off its estimated value of $3,199, so you'll only have to pay $1,759. That's an excellent price for this fantastic productivity tool, but you're going to have to push forward with your purchase as soon as possible because stocks may run out at any moment.

BUY NOW

Read more
Early Prime Day deal: Samsung’s 27-inch Odyssey G3 at its annual low price
Samsung Odyssey G3 gaming monitor on desk with keyboard and headset.

If you're ready to upgrade your monitor, this Samsung deal over at Amazon just might be your best bet. The 27-inch version of Samsung's Odyssey G3 is $130 right now, a full $100 off its regular $230 price and its lowest price of the year. It's a part of early Prime Day deals and a good sampling of what we can expect for the shopping holiday, which officially lands on July 8th. Tap the button below to see it for yourself or keep reading to see why we like this deal and why this should be your next monitor.

Buy Now

Read more