Safari in Mavericks makes Flash more secure via sandboxing
A blog post from Adobe platform security strategist Peleus Uhley explains that the new version of Safari in Mavericks is actually safer than before, thanks to sandboxing. That finally puts Mavericks Safari in the same boat as Internet Explorer, Firefox and Chrome, writes CNet.
Uhley explained that Flash Player is now protected by an OS X App Sandbox, which limites the access software has to system resources and data. Sandboxing Flash makes Mavericks systems more secure against malicious Flash exploits, and poorly programmed Flash apps. Uhley writes:
For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.
That's not the only benefit for Safari in Mavericks. Safari also implements a new Safari Power Saver feature that keeps Flash objects embedded on web pages from loading arbitrarily, until you specifically give Safari permission to do so.