Adobe and Google Partner to Bolster Flash's Defence Against Zero-Day Attacks

Adobe Flash, the veteran media player that has earned a name for itself due to its security vulnerabilities as much as its abilities, is back in the news - but this time, for a good reason. Adobe has revealed that it worked with Google's Project Zero to patch the vulnerabilities discovered in the aftermath of a security breach of the Hacking Team.

But this isn't a regular security patch, Adobe notes. The company says that with the help of Google's security research team, it has managed to make structural changes to the way its program interacts with an operating system. The changes, Adobe claims, will significantly reduce the number of attacks against Flash Player.

One of the key changes the company made to Flash was to isolate different types of memory contents, which prevents them from interacting with each other. It did so by introducing a new partition to the heap, chunk of memory that's allocated to programs at run time. Another thing the company has introduced in Flash is the requirement to possess a validation key before any changes could be made to Vector objects - the go-to destination for hackers. The company has explained all the changes in depth via a blog post.

The patch is live in the Flash version dubbed v18.0.0.209 in Google Chrome, which started to seed late last week. You can check the Flash version inside the Chrome installed on your machine by visiting about:version inside the browser. If the Flash version isn't up to date, you can manually update your browser. You can do so by visiting chrome://chrome.

If the operating system installed in your computer is of 64-bit architecture, the company advises you to install the 64-bit build of Chrome, as in it, there are more memory addresses. "It's worth noting that this defence is much more powerful in a 64-bit build of Flash, because of address space limitations of 32-bit processes," it notes.

"It's a cat-and-mouse-game, but we'll be looking out for attackers' attempts to adapt, and devising further mitigations based on what we see," Google researchers note in the blog post. "Perhaps more importantly, we're also devising a next level of defences based on what we expect we might see. Our partitioning mitigation is far from finished. We'll be analysing object types to see what else might benefit from partitioning, and moving forward incrementally."

While it's a welcome move, at this point there is no guarantee whether tech giants will show any mercy towards Adobe's media player. The likes of Mozilla have already blocked Flash from some of their flagship products and services. Earlier this month, Facebook's new chief security officer announced that he wants to "set a date to kill Flash for once and all."