Thanks to the recent string of zero-day vulnerabilities, Adobe has been busy at work modifying the architecture and strengthening the defenses of how Flash operates:
At the moment, the defenses are fully implemented only in the Flash version included in Google Chrome, having made their debut earlier this week. One of the two mitigations is available in other versions of Flash, and the remaining one is expected to be added to other browsers in August. Had they been widely available earlier, they likely would have blunted the effects of at least some of the three most recent zero-day vulnerabilities, which were leaked following the thorough hack of Hacking Team, the malware-as-a-service provider that catered to governments around the world. To block entire classes of new exploits, Adobe engineers, with the help of their counterparts at Google’s Project Zero team, have made two key changes, which were documented in a blog post published Thursday.
The first, which is currently available only in Chrome, is a new partition added to the heap, which is a large pool of computer memory. The partition isolates different types of memory contents, typically known as objects, from each other so one can’t be used to hijack or otherwise tamper with another. Heap partitioning has long been a mainstay in Chrome and other browsers. Now it’s a key defense in Flash.
Had heap partitioning been a part of Flash earlier, it would have significantly complicated some of the exploits that recently came to light in the Hacking Team breach. That’s because the exploits modified the “Vector.” object after a portion of heap where it had resided was freed. The tampering allowed the attackers to inject malicious code into computer memory and from there install their malicious software on the underlying computer. Similar Vector. tampering was also a part of separate, in-the-wild exploitsfrom earlier this year