Adobe and Google join forces to strengthen Flash defenses against hacks

new defenses make flash more difficult to hack shutterstock 189107936
A series of cyber attacks targeting Adobe’s Flash Player has led to a strengthening of the company’s defenses, according to Ars Technica. With such an immense user base, Flash has become an obvious target, and a susceptible one, for hackers seeking to inconvenience the largest audience possible.

As a result, a vast assortment of software engineers at Adobe and Google have scurried to shore up the vulnerabilities in Google’s Chrome browser, by far the most popular in terms of global market share. These changes, detailed in a blog post on Thursday, are said to have structurally modified the way Flash interacts with the operating systems installed on many PCs, thereby diminishing the likelihood of attacks.

Two major alterations have been added to Flash, one of which is not exclusive to Google Chrome and the other of which is exclusive, but will be added to other browsers come August.

The Chrome-only mitigation consists of a new partition added to the heap, a rather sizable collection of computer memory designed to isolate different objects from one another. As a result, one object in the memory pool cannot be exploited by hackers in order to meddle with others.

If heap partitioning had been included in Flash before the exploits were deployed, they would have been much more difficult to carry out. To be specific, the exploits performed by the attackers were accomplished by modifying the “Vector.” object after clearing some of the heap that it inhabited.

As a result, the attackers were able to infect computer memory, installing malware on the corresponding computer. A diagram below from Google Project Zero team members Mark Brand and Chris Evans illustrates how the breaches were executed.

Thanks to the new design embedded below, a portion of unmapped space, referred to as “no man’s land,” is positioned between the Flash heap and System heap, making exploitation clearly more difficult.

To take full advantage of Google’s new security measure, make sure that you’re using the 64-bit version of Google Chrome if you’re on a 64-bit computer since the number of memory addresses in the 32-bit version pales in comparison. To check what version of Chrome you’re running, enter chrome://chrome in your address bar. Unless you see the string “64-bit” in the resulting window, you’re on the 32-bit version of Google Chrome and you may want to resolve this by switching to 64-bit to avoid security threats.

A second security effort, presented by Adobe, ensures that the attacker cites a validation secret prior to revising Vector objects. This preventive measure aims to protect users of 32-bit browsers and serves as a superlative demonstration of what researchers refer to as “defense in depth.” Adhering to this ideology, the Project Zero team is currently taking further action to ensure optimal protection against hackers. This includes browser sandboxes and compiler-based mitigations.

Gaming

New ‘Battlefield V’ patch gives Nvidia’s ray tracing support a chance to shine

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…
Computing

Edit, sign, append, and save with six of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.
Computing

Our favorite Windows apps will help you get the most out of your new PC

Not sure what apps you should be downloading for your newfangled Windows device? Here are the best Windows apps, whether you need something to speed up your machine or access your Netflix queue. Check out our categories and favorite picks.
Computing

Protect yourself from the latest malware with the best free antivirus software

Malware, spyware, and adware is never fun to find on your PC. Check out our picks for the best free antivirus software, so you can rid your system of any dangerous software that might be lurking around.
Computing

Will Chrome remain our favorite web browser with the arrival of newest version?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.
Computing

Changing file associations in Windows 10 is quick and easy with these steps

Learning how to change file associations can make editing certain file types much quicker than manually selecting your preferred application every time you open them. Just follow these short steps and you'll be on your way in no time.
Computing

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.
Computing

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.
Computing

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.
Computing

Capture screenshots with print screen and a few alternative methods

Capturing a screenshot of your desktop is easier than you might think, and it's the kind of thing you'll probably need to know. Here's how to perform the important function in just a few, easy steps.
Computing

These cheap laptops will make you wonder why anyone spends more

Looking for a budget notebook for school, work, or play? The best budget laptops, including our top pick -- the Asus ZenBook UX331UA -- will get the job done without digging too deeply into your pockets.
Mobile

Vanquish lag for good with the best routers for gaming

Finding the best routers for gaming is no easy task. With so many out there, how do you know which to pick? We've looked at the many options available and put together a list of our lag-free favorites.
Computing

Stop your PC's vow of silence with these tips on how to fix audio problems

Sound problems got you down? Don't worry, with a few tweaks and tricks we'll get your sound card functioning as it should, and you listening to your favorite tunes and in-game audio in no time.
Product Review

It's not the sharpest tool, but the Surface Go does it all for $400

Microsoft has launched the $400 Surface Go to take on both the iPad and Chromebooks, all without compromising its core focus on productivity. Does it work as both a tablet and a PC?