Adobe Flash Player has just been updated to version 11.3 on PC, Linux and Mac (OS X 10.6 & newer) systems. There are quite a lot of updates to the plug-in including “major features, enhancements and bug fixes related to stability, performance”. Notably seven “priority 2” security vulnerabilities are fixed. Priority 2 is a vulnerability for which there are no currently known exploits in the wild.
The headline new features in this 11.3.300.257 version of Flash Player are; full screen keyboard input, protected sandbox mode for Firefox (Windows version) and 3D texture streaming. Also the Mac version has caught up with the PC version's ability to silently update the plug-in, from now on.
If you are a Firefox user on PC it will be reassuring to have the sandbox mode enabled to protect against malicious SWF files. Adobe explain; “This feature is comparable to the Flash Player Protected Mode in Google Chrome browser, Protected Mode in Adobe Reader, and Office 2010 Protected View. Protected Mode is enabled by default whenever you view Flash Player files in Firefox, reducing the risk of potential security threats on client systems via persistent malware. When Protected Mode is on, Flash Player files are displayed in a restricted environment called a sandbox.”
Of the seven security vulnerabilities resolved, one was a “binary planting” issue in the Flash Player installer. Hackers can use this vulnerability to load a malicious file with the same name as an expected DLL file. The exploit is also sometimes called “DLL load hijacking” which makes use of Windows apps which don’t always specify a full path for the requested DLLs.
As well as those new features and security patches a number of bugs have also been fixed which will hopefully make Flash more stable and less crash-prone. It is because of all the Flash plug-in crashes that Windows alerted me (little flag in notification area) to try to update the Flash plug-in this morning and I found this major update.
Version 11.3.300.257 of Flash Player is for users of these operating systems; Windows 7 (32-bit and 64-bit), Vista, XP, 2008, 2003, Linux (32-bit and 64-bit), Mac OS X 10.6, 10.7 (Snow Leopard, Lion). You can find out what version you are running now by visiting this page. For Mac OS 10.8 Mountain Lion to be able to install or update Flash Player they set Gatekeeeper to trust apps from “Mac App Store and identified developers”.