Skip to main content

Adobe and Google join forces to strengthen Flash defenses against hacks

new defenses make flash more difficult to hack shutterstock 189107936
Image used with permission by copyright holder
A series of cyber attacks targeting Adobe’s Flash Player has led to a strengthening of the company’s defenses, according to Ars Technica. With such an immense user base, Flash has become an obvious target, and a susceptible one, for hackers seeking to inconvenience the largest audience possible.

As a result, a vast assortment of software engineers at Adobe and Google have scurried to shore up the vulnerabilities in Google’s Chrome browser, by far the most popular in terms of global market share. These changes, detailed in a blog post on Thursday, are said to have structurally modified the way Flash interacts with the operating systems installed on many PCs, thereby diminishing the likelihood of attacks.

Recommended Videos

Two major alterations have been added to Flash, one of which is not exclusive to Google Chrome and the other of which is exclusive, but will be added to other browsers come August.

Please enable Javascript to view this content

The Chrome-only mitigation consists of a new partition added to the heap, a rather sizable collection of computer memory designed to isolate different objects from one another. As a result, one object in the memory pool cannot be exploited by hackers in order to meddle with others.

If heap partitioning had been included in Flash before the exploits were deployed, they would have been much more difficult to carry out. To be specific, the exploits performed by the attackers were accomplished by modifying the “Vector.” object after clearing some of the heap that it inhabited.

As a result, the attackers were able to infect computer memory, installing malware on the corresponding computer. A diagram below from Google Project Zero team members Mark Brand and Chris Evans illustrates how the breaches were executed.

Thanks to the new design embedded below, a portion of unmapped space, referred to as “no man’s land,” is positioned between the Flash heap and System heap, making exploitation clearly more difficult.

To take full advantage of Google’s new security measure, make sure that you’re using the 64-bit version of Google Chrome if you’re on a 64-bit computer since the number of memory addresses in the 32-bit version pales in comparison. To check what version of Chrome you’re running, enter chrome://chrome in your address bar. Unless you see the string “64-bit” in the resulting window, you’re on the 32-bit version of Google Chrome and you may want to resolve this by switching to 64-bit to avoid security threats.

A second security effort, presented by Adobe, ensures that the attacker cites a validation secret prior to revising Vector objects. This preventive measure aims to protect users of 32-bit browsers and serves as a superlative demonstration of what researchers refer to as “defense in depth.” Adhering to this ideology, the Project Zero team is currently taking further action to ensure optimal protection against hackers. This includes browser sandboxes and compiler-based mitigations.

Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
We now know why AMD chose to delay RDNA 4 — well, kind of
AMD announcing FSR 4 during CES 2025.

AMD hasn't been very forthcoming when it comes to information about its RX 9000 series GPUs, but we just got an update as to why the cards won't be available until sometime in March. The company cites software optimization and FSR 4 as the two reasons why it most likely decided to delay the launch of RDNA 4. But is that all there is to it, or is AMD waiting to see some of Nvidia's best graphics cards before pulling the trigger on the RX 9070 XT?

The update comes from David McAfee, AMD's vice president and general manager of the Ryzen CPU and Radeon graphics division. A couple of days ago, McAfee took to X (Twitter) to announce that AMD was excited to launch the RX 9000 series in March. This caused a bit of an uproar, with many enthusiasts wondering why AMD was choosing to wait so long.

Read more
What power supply do you need for the RTX 5090 and RTX 5080?
The RTX 5090 sitting on top of the RTX 4080.

Nvidia’s new RTX 50-series GPUs represent a leap forward in gaming and content creation, but they also push the boundaries of what’s expected from your power supply. The RTX 5090 and RTX 5080, will be the first two models available for purchase starting January 30, and are expected to deliver improved performance over its predecessors -- you can already see that in action in our RTX 5090 review.

However, with great power comes greater demands on your power supply. If you're planning to upgrade to either of these next-generation graphics cards, it’s crucial to know what kind of PSU (Power Supply Unit) you need. Ensuring your PSU meets or exceeds the recommended specifications is critical for avoiding crashes, ensuring system stability, and maintaining long-term reliability.

Read more
Gaming mouse goes up in flames, nearly causes apartment fire
A burned Gigabyte moue as posted by a user on Reddit

Think you have one of the best gaming mice? Think again. A Reddit user recently reported a concerning incident involving their Gigabyte M6880X gaming mouse, which allegedly caught fire spontaneously, filling their apartment with black smoke and causing significant property damage.

The user who goes by the unser name lommelinn, shared images showing the melted mouse, burn marks on the desk, and a destroyed mouse pad. They recounted discovering the device "burning with large flames," which they quickly extinguished. Despite their swift action, the room was left covered in black particles, affecting other equipment, including a modular synthesizer.

Read more