December 9, 2016

Flash 11 to Add New Security Features

(LiveHacking.Com) – Adobe has announced that Flash Player 11 will be released in October and will contain lots of new  features for gaming, media and data-driven applications. It will also include several important security features.

The first major new feature Adobe are adding is support for SSL socket connections, which will make it easier for developers to protect the data they stream over the Flash Player raw socket connections.

Flash 11 will also include a new secure random number generator. Previously only a simple random number generator  was provided, it was OK for games, but it wasn’t good enough for cryptography. The new random number generator API hooks the cryptographic provider of the host device, such as the CryptGenRandom function in Microsoft CAPI on Windows, for generating the random number. The native OS cryptographic providers have better sources of entropy and have been peer reviewed by industry experts.

Flash 11 will have full native 64-bit support for 64-bit browsers on Linux, Mac OS, and Windows, as a result when Flash is used with a 64-bit browser that supports address space layout randomization (ASLR), users will be protected by full 64-bit ASLR.