When Microsoft developed the Modern version of Internet Explorer 10 for Windows 8, it also decided to do away with support for third party plug-ins. However, Microsoft also worked with Adobe to integrate Flash support in that same version of IE, without the traditional plug-in model. This week, Adobe offered up some more information about that partnership, specifically on the security improvements that have been put into Flash for IE10.
In a blog post, Adobe stated that having Flash updated for IE10 via Windows Update is a big help in terms of security, saying that "enterprises can now distribute Flash Player updates for Windows 8 through their existing Windows OS patch management workflows." The addition of Enhanced Protected Mode in IE10 also helps make the browser, and Flash Player, more secure. Adobe says:
One is that all content processes will run as 64-bit processes. This means that Flash Player will also be run as a 64-bit process which will make heap sprays more difficult. The larger address space makes it more difficult to predict the memory location of the spray with a decent statistical likelihood.
IE10 on Windows 8 uses AppContainers, which is supposed to limit both read and write access to the OS. Because Flash Player has been integrated into IE10, it also is protected by the same AppContainers features. Microsoft has also added Flash Player into IE11 for the upcoming Windows 8.1 update. Adobe says it will continue to work with Microsoft to make IE and Flash more secure for its users.