Apple's Safari finally gets sandboxed Flash. What does that mean?
Until this week, Apple's browser didn't offer a sandboxed Flash player, while Internet Explorer, Firefox, and Chrome did.
Craig Federighi, Senior Vice President of software engineering at Apple, discusses the Mavericks OS during an Apple event in San Francisco this week.
Reuters
Earlier this week, Apple announced it would make its new OS X Mavericks 10.9 operating system available as a free download through the App Store.
Mavericks, named after a popular surfing spot in Northern California, isn't exactly a sweeping overhaul of the hallowed Apple OS, but it does include a rejiggered Calendar, an improved iBooks application, multiple-display support, and a spruced-up Safari. And part of that new Safari experience is a sandboxed version of Flash, the popular multimedia player.
What is sandboxing, exactly? Well, in tech terms, it refers to protections that wall off the rest of the system from damage from potentially untrustworthy content. Adobe already offers a sandboxed Flash player on the Internet Explorer, Firefox, and Chrome browsers. But until recently, Safari was left out of party.
In a blog post today, Peleus Uhley said the move would improve security on Safari. "For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process," Mr. Uhley wrote. "As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly."
You can download Mavericks – and the new Safari, with all the new features, including the sandboxed Flash – to your machine via this link. Is it worth it? Probably, writes Matt Peckham of Time.
"It’s not a blanket guarantee of security, of course, since what an app needs to do can still, by design, involve access to critical or sensitive resources, but sandboxing prevents the app, or someone exploiting the app, from poking around anywhere they’re not supposed to be," he writes. "Think of it as putting the operating system’s resources behind doors with keycard access, then only handing out keycards to apps that warrant it."