Adobe Flash Player 11 and Reader security - Interview with Brad Arkin

Adobe's Senior Director for Product Security and Privacy, Brad Arkin, joined me for an interview on Tuesday to discuss the security improvements in Flash Player 11 and the current state of Adobe Reader/Acrobat security.

When I last spoke with Brad, Adobe was preparing to launch Adobe Reader X with its new sandbox technology.

Brad and I began by discussing the release of Flash Player 11 on October 4th and what's new security-wise in this new release.

Brad explained that Flash applications will now be able to use SSL socket connections to securely communicate over the network.

Flash Player will now provide access to your operating system's cryptography APIs as well. This enables the use of a proper pseudo-random number generator for instances where greater security is required.

Flash is now available as a 64-bit binary as well, and will take advantage of 64-bit ASLR (Address Space Layout Randomization) where available.

We also discussed the state of Reader security. Brad commented that no known malware has been able to escape the jail implemented in version 10 (X).

While this may not hold true forever, it is a major accomplishment considering how many attacks using PDFs we have seen over the last few years.

Brad encouraged organizations to establish a plan on how they can move to Reader X, as updates can be deployed on a predictable schedule which reduces TCO.


(4 October 2011, duration 23:07 minutes, size 15.8 MBytes)

You can also download this podcast directly in MP3 format: Interview with Brad Arkin on Flash Player 11 and Reader security, subscribe on Stitcher, iTunes or our RSS feed.


One Response to Adobe Flash Player 11 and Reader security - Interview with Brad Arkin

  1. ou_est_Orianne · 646 days ago

    Funny to see a security discussion about Adobe while you must use an obsolete 10.x flashplugin on Linux with an old AMD processor.
    For nine months (April 2012), Flash Linux 11.2 has had a bug in its SSE2 instruction set usage.
    Secure solution by Adobe: use the old unmaintained version 10....
    Bravo!
    google: linux flash sse2


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.