Adobe's Senior Director for Product Security and Privacy, Brad Arkin, joined me for an interview on Tuesday to discuss the security improvements in Flash Player 11 and the current state of Adobe Reader/Acrobat security.
When I last spoke with Brad, Adobe was preparing to launch Adobe Reader X with it's new sandbox technology.
Brad and I began by discussing the release of Flash Player 11 on October 4th and what's new security-wise in this new release.
Brad explained that Flash applications will now be able to use SSL socket connections to securely communicate over the network.
Flash Player will now provide access to your operating system's cryptography APIs as well. This enables the use of a proper pseudo-random number generator for instances where greater security is required.
Flash is now available in a 64 bit binary as well, and will take advantage of 64 bit ASLR (Address Space Layout Randomization) where available.
We also discussed the state of Reader security. Brad commented that no known malware has been able to escape the jail implemented in version 10 (X).
While this may not hold true forever, it is a major accomplishment considering how many attacks using PDFs we have seen the last few years.
Brad encouraged organizations to establish a plan on how they can move to Reader X, as updates can be deployed on a predictable schedule which reduces TCO.
(4 October 2011, duration 23:07 minutes, size 15.8 MBytes)
You can also download this podcast directly in MP3 format: Interview with Brad Arkin on Flash Player 11 and Reader security, subscribe on Stitcher, iTunes or our RSS feed.Follow @chetwisniewski