Adobe Flash for Safari in OS X Mavericks Now Sandboxed

OS X Mavericks brought a new version of Safari 7 which finally sandboxes Adobe Flash, making it much more secure and safe. Other browsers such as Google Chrome, Internet Explorer and Firefox had previously implemented sandboxing with Flash.

For the technically minded, this means that there is a specific com.macromedia.Flash Player.plugin.sb file defining the security permissions for Flash Player when it runs within the sandboxed plugin process. As you might expect, Flash Player’s capabilities to read and write files will be limited to only those locations it needs to function properly. The sandbox also limits Flash Player’s local connections to device resources and inter-process communication (IPC) channels. Finally, the sandbox limits Flash Player’s networking privileges to prevent unnecessary connection capabilities.


In essence, Adobe Flash for Safari is now more much restricted in terms of what it can execute, this protecting you from malicious flash code. The key is limiting the ability of the flash plugin to read or write files to certain files. Apple describes sandboxing as a "line of defense against the theft, corruption, or deletion of user data."


Adobe explained the technical terms behind the change, and thanked Apple for working with them on providing such a solution.

Safari users on OS X Mavericks can view Flash Player content while benefiting from these added security protections. We’d like to thank the Apple security team for working with us to deliver this solution.


You can grab OS X Mavericks for free from the Mac App Store.

via Engadget