DOCSLIB.ORG

Adobe Flash Player 9 Security Flash Player 9,0,124,0

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Adobe Flash Player 9 Security Flash Player 9,0,124,0 ® ® Adobe Flash Player WHITE PAPER Adobe Flash Player 9 Security Flash Player 9,0,124,0 July 2008 Copyright © 2006-2008 Adobe Systems Incorporated. All rights reserved. The information contained in this document represents the current view of Adobe on the issue discussed as of the date of publication. Because Adobe must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Adobe, and Adobe cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for information purposes only. ADOBE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Adobe may have patents, patent applications, trademark, copyright or other intellectual property rights covering the subject matter of this document. Except as expressly provided in any written license agreement from Adobe, the furnishing of this document does not give you any license to these patents, trademarks, copyrights or other intellectual property. Adobe, the Adobe Logo, Adobe AIR, Macromedia, Flash, Flash Lite, and Flex are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. Adobe Systems Incorporated 345 Park Avenue San Jose, CA 95110 (408) 536-6000 Contents Introduction .................................................................................................................................................................. 1 About this document .............................................................................................................................................. 1 Intended audience ................................................................................................................................................. 1 About the Flash Player client runtime ................................................................................................................. 2 About security ........................................................................................................................................................ 2 Other sources of information............................................................................................................................... .. 3 The Flash Player security environment ...................................................................................................................... 4 Stakeholders .......................................................................................................................................................... 5 Administrative user (of a particular client computer) and the user institution .......................................... 5 User (of a particular computer and programs) ............................................................................................. 5 Website administrator .................................................................................................................................... 5 Author (of a Flash application) ...................................................................................................................... 5 Overview of permission controls ........................................................................................................................... 6 Sources for potential risk ...................................................................................................................................... 7 Innocent bugs.................................................................................................................................................. 7 Other stakeholders ......................................................................................................................................... 7 Internet providers........................................................................................................................................... 7 Flash Player security architecture ............................................................................................................................... 8 Basic sandbox security model ............................................................................................................................... 8 Domain of origin ............................................................................................................................................. 9 Default permissions ...................................................................................................................................... 10 Port blocking ................................................................................................................................................. 11 Accessing data in another sandbox .............................................................................................................. 11 Permissions for specific domains ........................................................................................................................ 12 Network files ................................................................................................................................................. 12 Local files ...................................................................................................................................................... 12 Interpreters and byte code .................................................................................................................................. 15 Background ................................................................................................................................................... 15 Flash Player and byte codes ......................................................................................................................... 16 Code isolation ............................................................................................................................................... 16 Disk, memory, and processor protections ........................................................................................................... 17 Disk storage protections ............................................................................................................................... 17 Memory usage protections and processor quotas ........................................................................................ 17 Permission controls ..................................................................................................................................................... 18 Administrative user controls ............................................................................................................................... 18 The mms.cfg file ............................................................................................................................................ 18 Global Flash Player Trust directory ............................................................................................................ 20 User controls ........................................................................................................................................................ 20 Settings Manager ......................................................................................................................................... 21 Settings UI and runtime dialog boxes ......................................................................................................... 23 User Flash Player Trust directory ............................................................................................................... 26 Website controls (policy files) .............................................................................................................................. 27 URL policy files ............................................................................................................................................ 27 URL meta-policies ........................................................................................................................................ 29 Header sending permissions ........................................................................................................................ 30 Socket policy files ......................................................................................................................................... 31 Socket meta-policies ..................................................................................................................................... 32 Policy file logging .......................................................................................................................................... 33 Developer controls ............................................................................................................................................... 33 Permission mechanisms ............................................................................................................................... 33 Security.allowDomain() ................................................................................................................................ 34 Security.loadPolicyFile() .............................................................................................................................
Load more

Recommended publications
  • Thoughts on Flash
    Apple has a long relationship with Adobe. In fact, we met Adobe’s founders when they were in their proverbial garage. Apple was their first big customer, adopting their Postscript language for our new Laserwriter printer. Apple invested in Adobe and owned around 20% of the company for many years. The two companies worked closely together to pioneer desktop publishing and there were many good times. Since that golden era, the companies have grown apart. Apple went through its near death experience, and Adobe was drawn to the corporate market with their Acrobat products. Today the two companies still work together to serve their joint creative customers – Mac users buy around half of Adobe’s Creative Suite products – but beyond that there are few joint interests. I wanted to jot down some of our thoughts on Adobe’s Flash products so that customers and critics may better understand why we do not allow Flash on iPhones, iPods and iPads. Adobe has characterized our decision as being primarily business driven – they say we want to protect our App Store – but in reality it is based on technology issues. Adobe claims that we are a closed system, and that Flash is open, but in fact the opposite is true. Let me explain. First, there’s “Open”. Adobe’s Flash products are 100% proprietary. They are only available from Adobe, and Adobe has sole authority as to their future enhancement, pricing, etc. While Adobe’s Flash products are widely available, this does not mean they are open, since they are controlled entirely by Adobe and available only from Adobe.
    [Show full text]
  • Update Your Browser Software to the Most Current Version
    Update Browser Software MigovBOE Rev. 6/1/2018 DISPLAYING AND RUNNING CONTENT IN THE MICHIGAN ELECTIONS ELEARNING CENTER: *** Note – The Michigan Elections eLearning Center operates best and is most secure if you use an updated version of internet browsing software. Please update your browser software to the most current version. See the table of contents for download links for each program. TABLE OF CONTENTS Course or Form Doesn’t Load Or A New Window Doesn’t Open ..................................................................................... 1 No or Low Audio ................................................................................................................................................................ 2 Course Not Running or Displaying Graphics ..................................................................................................................... 2 Determine Your Internet Browser Software Program ........................................................................................................ 3 Google Chrome (recommended) ................................................................................................................................... 4 Mozilla Firefox (recommended) ..................................................................................................................................... 5 Internet Explorer (must be version 10 or newer) ........................................................................................................... 6 Internet Explorer (continued)
    [Show full text]
  • How to Enable Flash Player
    How to Enable Flash on Your Web Browser Many of the online courses in the UC Learning Center use the Adobe Flash Player. Locate your web browser from the list below for instructions on how to enable flash. Internet Explorer Google Chrome Mozilla Firefox Mac Safari Internet Explorer 1. Launch your Internet Explorer web browser. 2. Click the Tools icon in the upper-right corner of Internet Explorer. (The icon looks like a gear.) 3. In the pop-up menu that appears, click Manage Add-ons. 1 4. In the dialogue box that appears, select Toolbars and Extensions. 5. In the list of Add-ons, look for “Shockwave Flash Object” (another name for Flash Player). In the Status column, check to see whether Shockwave Flash Object is Disabled. If it is disabled, click the row for Shockwave Flash Object to select it. 2 6. In the lower-right corner of the Manage Add-ons dialog box, click Enable. 7. Close the Manage Add-ons dialog box. Source: https://helpx.adobe.com/flash-player/kb/install-flash-player-windows.html Google Chrome To enable Flash in Google Chrome, 1. Type the following in the URL field of a Chrome browser tab: chrome://settings/content/flash 2. On the Settings screen, make sure Flash is enabled by checking the Ask first (recommended) option. 3 3. Attempt to launch the course again. Mozilla Firefox Beginning with Firefox 52, the browser will not activate plugins (e.g. Flash Player) by default. Instead, Firefox lets you choose whether to allow a plugin to run on a website.
    [Show full text]
  • Rich Internet Applications
    Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight Master of Science Thesis in the Programme Software Engineering and Technology CARL-DAVID GRANBÄCK Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Göteborg, Sweden, October 2009 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight CARL-DAVID GRANBÄCK © CARL-DAVID GRANBÄCK, October 2009. Examiner: BJÖRN VON SYDOW Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2009 Abstract This Master's thesis report describes and compares the three Rich Internet Application !RIA" frameworks Adobe Flex, JavaFX and Microsoft Silverlight.
    [Show full text]
  • Protecting Online Video Distribution with Adobe Flash Media Technology
    White Paper Protecting Online Video Distribution with Adobe Flash Media Technology Table of contents Introduction 1 Introduction Online video is a growing phenomenon. Record numbers of people are going online to watch 1 Overview of Adobe video everything from user-generated videos and breaking news events to television programs and distribution solutions full-length movies. Gone are the days of waiting for a program to air; consumers can now choose 2 Best practices for effective content protection from a plethora of high-quality content, available on-demand. 2 Flash Media Server content From advertising-funded videos to subscriptions to pay-per-view, content providers are adapting protection features a variety of business models to monetize content in the online world. As an owner or distributor 3 Flash Media Server workflow of premium commercial content, such as films and TV shows, you must ensure that hackers do example 4 Persistent content protection with not bypass your business model or violate your copyrights. Flash Media Rights Management Content protection solutions help create and preserve revenue streams; maintain copyright; and Server preserve content integrity or privacy. For instance, hackers may attempt to bypass payment in a 5 Flash Media Rights Management Server content protection pay-per-view model. Others may try to rip your content for redistribution. Worse, someone features could try to make money from pirated content, or may introduce their own advertising or 5 Comparison between Flash Media branding but skip paying content licenses or bandwidth fees by piggybacking on your Rights Management Server and distribution platform. In an enterprise situation, a disgruntled employee may be tempted to post Flash Media Server valuable or private company information on public video sites.
    [Show full text]
  • Microsoft Powerpoint
    Development of Multimedia WebApp on Tizen Platform 1. HTML Multimedia 2. Multimedia Playing with HTML5 Tags (1) HTML5 Video (2) HTML5 Audio (3) HTML Pulg-ins (4) HTML YouTube (5) Accessing Media Streams and Playing (6) Multimedia Contents Mgmt (7) Capturing Images 3. Multimedia Processing Web Device API Multimedia WepApp on Tizen - 1 - 1. HTML Multimedia • What is Multimedia ? − Multimedia comes in many different formats. It can be almost anything you can hear or see. − Examples : Pictures, music, sound, videos, records, films, animations, and more. − Web pages often contain multimedia elements of different types and formats. • Multimedia Formats − Multimedia elements (like sounds or videos) are stored in media files. − The most common way to discover the type of a file, is to look at the file extension. ⇔ When a browser sees the file extension .htm or .html, it will treat the file as an HTML file. ⇔ The .xml extension indicates an XML file, and the .css extension indicates a style sheet file. ⇔ Pictures are recognized by extensions like .gif, .png and .jpg. − Multimedia files also have their own formats and different extensions like: .swf, .wav, .mp3, .mp4, .mpg, .wmv, and .avi. Multimedia WepApp on Tizen - 2 - 2. Multimedia Playing with HTML5 Tags (1) HTML5 Video • Some of the popular video container formats include the following: Audio Video Interleave (.avi) Flash Video (.flv) MPEG 4 (.mp4) Matroska (.mkv) Ogg (.ogv) • Browser Support Multimedia WepApp on Tizen - 3 - • Common Video Format Format File Description .mpg MPEG. Developed by the Moving Pictures Expert Group. The first popular video format on the MPEG .mpeg web.
    [Show full text]
  • Adobe® Media Server 5 Standard High Quality Video Playback Consistent Across Devices
    Adobe Media Server 5 Standard Datasheet Adobe® Media Server 5 Standard High quality video playback consistent across devices Step up from progressive download video delivery and deliver adaptive streams to the widest audience. Stream to iOS and Adobe Flash® Player with a single media source. Adobe Media Server 5 Standard is an economical solution that enables you to start streaming live and on demand content quickly and easily to a wide variety of platforms and devices. It provides all the features you need to stream and encrypt video and audio, providing a consistent playback across Apple iOS, Android, connected TVs, and the desktop—with a simplified workflow and better performance. New features in Adobe Media Server 5 Standard Adobe Media Server 5 Standard provides numerous video streaming innovations—over standard HTTP connections as well as RTMP delivery. • Simplified publishing workflows for HTTP streaming—Use the same source media and live streams to deliver full adaptive bitrate experiences to Adobe Flash, Android, and Apple devices. • Integration with Adobe Access 4—Enjoy protected RTMP support via a content license technology embedded in the server (Adobe Access 4 licensing server is a separate purchase). • 608/708 Closed Caption compliance—Support all avenues to increase your audience size with full support for closed caption transmission to Adobe Flash and Apple iOS devices such as the New iPad. EIA-608 (line 21) closed caption support meets FCC requirements • Reduced storage and infrastructure costs—A single MPEG-4 asset is required for each bitrate, and optional real time packaging eliminates the need to prepare content in advance.
    [Show full text]
  • Flex Resources*
    OpenStax-CNX module: m34542 1 Flex Resources* R.G. (Dick) Baldwin This work is produced by OpenStax-CNX and licensed under the Creative Commons Attribution License 3.0 Abstract The purpose of this document is to provide a list of links to online Flex and ActionScript resources to supplement the other lessons in the series. 1 Table of Contents • Preface (p. 1) • Resources (p. 1) • Miscellaneous (p. 3) 2 Preface This tutorial lesson is part of a series of lessons dedicated to programming using Adobe Flex. The purpose of this document is to provide a list of links to online Flex and ActionScript resources to supplement the other lessons in the series. note: The material in these lessons is based on Flex version 3 and Flex version 4. 3 Resources • Baldwin's Flex programming website 1 • Baldwin's ActionScript programming website 2 • Adobe Flex Home 3 • Download free open-source Adobe Flex 3.5 SDK 4 · Adobe Flex SDK Installation and Release Notes 5 · Application Deployment 6 • Download free open-source Adobe Flex 4 SDK 7 *Version 1.2: Jun 8, 2010 3:07 pm -0500 http://creativecommons.org/licenses/by/3.0/ 1http://www.dickbaldwin.com/tocFlex.htm 2http://www.dickbaldwin.com/tocActionScript.htm 3http://www.adobe.com/products/ex/?promoid=BPDEQ 4http://www.adobe.com/cfusion/entitlement/index.cfm?e=ex3sdk 5http://www.adobe.com/support/documentation/en/ex/3/releasenotes_ex3_sdk.html#installation 6http://livedocs.adobe.com/ex/3/html/help.html?content=Part3_deploy_1.html 7http://opensource.adobe.com/wiki/display/exsdk/Download+Flex+4 http://cnx.org/content/m34542/1.2/
    [Show full text]
  • Adobe Trademark Database for General Distribution
    Adobe Trademark List for General Distribution As of May 17, 2021 Please refer to the Permissions and trademark guidelines on our company web site and to the publication Adobe Trademark Guidelines for third parties who license, use or refer to Adobe trademarks for specific information on proper trademark usage. Along with this database (and future updates), they are available from our company web site at: https://www.adobe.com/legal/permissions/trademarks.html Unless you are licensed by Adobe under a specific licensing program agreement or equivalent authorization, use of Adobe logos, such as the Adobe corporate logo or an Adobe product logo, is not allowed. You may qualify for use of certain logos under the programs offered through Partnering with Adobe. Please contact your Adobe representative for applicable guidelines, or learn more about logo usage on our website: https://www.adobe.com/legal/permissions.html Referring to Adobe products Use the full name of the product at its first and most prominent mention (for example, “Adobe Photoshop” in first reference, not “Photoshop”). See the “Preferred use” column below to see how each product should be referenced. Unless specifically noted, abbreviations and acronyms should not be used to refer to Adobe products or trademarks. Attribution statements Marking trademarks with ® or TM symbols is not required, but please include an attribution statement, which may appear in small, but still legible, print, when using any Adobe trademarks in any published materials—typically with other legal lines such as a copyright notice at the end of a document, on the copyright page of a book or manual, or on the legal information page of a website.
    [Show full text]
  • Quaxe, Infinity and Beyond
    Quaxe, infinity and beyond Daniel Glazman — WWX 2015 /usr/bin/whoami Primary architect and developer of the leading Web and Ebook editors Nvu and BlueGriffon Former member of the Netscape CSS and Editor engineering teams Involved in Internet and Web Standards since 1990 Currently co-chair of CSS Working Group at W3C New-comer in the Haxe ecosystem Desktop Frameworks Visual Studio (Windows only) Xcode (OS X only) Qt wxWidgets XUL Adobe Air Mobile Frameworks Adobe PhoneGap/Air Xcode (iOS only) Qt Mobile AppCelerator Visual Studio Two solutions but many issues Fragmentation desktop/mobile Heavy runtimes Can’t easily reuse existing c++ libraries Complex to have native-like UI Qt/QtMobile still require c++ Qt’s QML is a weak and convoluted UI language Haxe 9 years success of Multiplatform OSS language Strong affinity to gaming Wide and vibrant community Some press recognition Dead code elimination Compiles to native on all But no native GUI… platforms through c++ and java Best of all worlds Haxe + Qt/QtMobile Multiplatform Native apps, native performance through c++/Java C++/Java lib reusability Introducing Quaxe Native apps w/o c++ complexity Highly dynamic applications on desktop and mobile Native-like UI through Qt HTML5-based UI, CSS-based styling Benefits from Haxe and Qt communities Going from HTML5 to native GUI completeness DOM dynamism in native UI var b: Element = document.getElementById("thirdButton"); var t: Element = document.createElement("input"); t.setAttribute("type", "text"); t.setAttribute("value", "a text field"); b.parentNode.insertBefore(t,
    [Show full text]
  • Adbe 10Q Q311- Final
    UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 _________________________ FORM 10-Q (Mark One) QUARTERLY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the quarterly period ended September 2, 2011 or TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the transition period from to Commission File Number: 0-15175 ADOBE SYSTEMS INCORPORATED (Exact name of registrant as specified in its charter) _________________________ Delaware 77-0019522 (State or other jurisdiction of (I.R.S. Employer incorporation or organization) Identification No.) 345 Park Avenue, San Jose, California 95110-2704 (Address of principal executive offices and zip code) (408) 536-6000 (Registrant’s telephone number, including area code) _________________________ Indicate by checkmark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15 (d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yes No Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Website, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files). Yes No Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or a smaller reporting company.
    [Show full text]
  • Flash Lite Datasheet
    Datasheet ADOBE® FLASH® LITE™ 3 DELIVER MULTIMEDIA EXPERIENCES TO MOBILE DEVICES Adobe Flash Lite 3 software is a powerful runtime engine that helps mobile and consumer electronics device manufacturers differentiate their products by delivering web browsability as well as video and interactive content to a broad range of devices. Flash Lite 3 enables developers to quickly create engaging mobile applications, speed time to market, and increase customer adoption. Experience true mobile multimedia manufacturers can easily access device data to Flash Lite 3 enables mobile and consumer enable UI personalization and customization. electronics device manufacturers to deliver For instance, device home screens can display multimedia experiences across devices, different images or content depending on allowing consumers to browse Adobe Flash locality—the same device could display Big enabled websites and enjoy video and other Ben when powered up in London, with the rich content. Flash Lite 3 devices offer access Eiffel Tower appearing when used in Paris. to dynamic applications such as interactive Customizable UIs enable manufacturers games, mobile magazines, daily comics, and mobile operators to engage subscribers screensavers, infotainment, and personal with dynamic content and target new productivity applications, plus the ability market segments. to browse websites powered by Adobe Flash Choose a proven application platform software, including vibrant sports and Flash Lite 3 is based on the Flash platform, entertainment sites. In a first for mobile which is supported by a community of devices, Flash Lite 3 also plays back FLV, two million designers and developers. The the most popular video format on the platform includes the desktop player and Internet.
    [Show full text]