Apple's Safari finally gets sandboxed Flash. What does that mean?

Until this week, Apple's browser didn't offer a sandboxed Flash player, while Internet Explorer, Firefox, and Chrome did. 

Reuters
Craig Federighi, Senior Vice President of software engineering at Apple, discusses the Mavericks OS during an Apple event in San Francisco this week.

Earlier this week, Apple announced it would make its new OS X Mavericks 10.9 operating system available as a free download through the App Store. 

Mavericks, named after a popular surfing spot in Northern California, isn't exactly a sweeping overhaul of the hallowed Apple OS, but it does include a rejiggered Calendar, an improved iBooks application, multiple-display support, and a spruced-up Safari. And part of that new Safari experience is a sandboxed version of Flash, the popular multimedia player. 

What is sandboxing, exactly? Well, in tech terms, it refers to protections that wall off the rest of the system from damage from potentially untrustworthy content. Adobe already offers a sandboxed Flash player on the Internet Explorer, Firefox, and Chrome browsers. But until recently, Safari was left out of party. 

In a blog post today, Peleus Uhley said the move would improve security on Safari. "For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process," Mr. Uhley wrote. "As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly." 

You can download Mavericks – and the new Safari, with all the new features, including the sandboxed Flash – to your machine via this link. Is it worth it? Probably, writes Matt Peckham of Time. 

"It’s not a blanket guarantee of security, of course, since what an app needs to do can still, by design, involve access to critical or sensitive resources, but sandboxing prevents the app, or someone exploiting the app, from poking around anywhere they’re not supposed to be," he writes. "Think of it as putting the operating system’s resources behind doors with keycard access, then only handing out keycards to apps that warrant it." 

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.