Security → Re: New flash attack has no real 'fix': 'everyone is vulnerable'

The browser process and any other processes started from the sandboxed browser will be sandboxed.

If you enter programs under Restrictions > Start/Run Access then these program are not allowed to run at all

So your saying that this exploit triggers a drive by download (remote execution)? If so, it can be easily stopped.

I'd also like a clearer picture because from what I've read and could understand it sounds like this is a browser/plug-in only vulnerability that can steal your info. In that case, limiting executable wouldn't help.

Running executables & downloading is all done within the sandbox....Stealing info, etc...is not prevented though, IMHO, since programs have read-access to ressources which are outside the sandbox....

I haven't checked but maybe Sandboxie can be configured to even limit that access...the question is how much this will restrict/hinder usability....

Thanks for your reply! I do have Sbie configured to block access to my D: partition but I guess this flaw can grab cookies and other credentials (whatever that means).

If this flaw only exposes "session information" then Sandboxie, HIPS or other anti-executables would be useless. If the flaw triggered a drive-by download then they would stop the executable.

I believe this is referring to flash cookies, that are saved with flash data and settings. Those are not the same as browser cookies.

Upieper, if you look at the wording of the dialog, it's au contraire: only the programs you list are allowed to run; i.e., it's a whitelist, not a blacklist. (Although if nothing is listed, anything can run.)

Flash cookies go into the sandbox, where they can be read by anything that's part of the current browser process,* it seems.

*Edit: Or running in that sandbox.

yep...you're right, it's a whitelist

UP