Adobe Systems Inc. is working with Mozilla and Google to develop a new feature in its Flash Player browser interface...
that allows users to clear local storage in Flash.
This kind of helpful productivity data is saved on your computer, and Flash Player protects this information so that only the exact website that saved that information can access it.
group product manager, Flash PlayerAdobe Systems Inc.
The new feature is part of an overhaul of the Flash Player Settings Manager to improve usability and provide an option to set Flash Player privacy preferences, wrote Emmy Huang, group product manager for Adobe Flash Player in the company's Adobe Flash Platform blog.
"The first capability, one that we believe will have the greatest immediate impact, is to allow users to clear [locally stored objects] LSOs (and any local storage, such as that of HTML5 and other plug-in technologies) from the browser settings interface -- similar to how users can clear their browser cookies today," Huang wrote.
The goal of the redesign is to incorporate features requested by users and privacy advocates by making it easier for users to understand and manage their Flash Player settings, Huang said.
Adobe has come under constant scrutiny from security researchers as the company's Flash Player and PDF software is a favorite target of cybercriminals. The company recently released a redesign of Adobe Reader to add sandbox security features, ensuring it is isolated from certain computer processes and protocols -- a capability that makes it more difficult for attackers to successfully exploit vulnerabilities and gain access to sensitive files.
Adobe's Flash Player currently supports private browsing mode settings common in nearly all browsers. If the browser privacy setting is enabled, Flash Player automatically deletes local file storage written by websites, Huang said.
The latest move to address privacy enables users to block the ability to track their video viewing history and browsing habits. It is typically a very small amount of data, Huang said, but it enables website developers to store information on a user's computer rather than on the website owner's servers. The storage space can be used to store website login details or a visitor's site browsing history.
"Local storage allows you to store work in progress from a photo editor or productivity app, for example," Huang wrote. "This kind of helpful productivity data is saved on your computer, and Flash Player protects this information so that only the exact website that saved that information can access it."
Mozilla and Google are developing a new API called NAPI:ClearSiteData. The new API implements a method that allows browsers to request that plugins clear data. It doesn't solely focus on Adobe Flash. The API enables the browser to clear nearly all forms of data from the browser cache except credentials. It will clear local storage for any plugin that also implements the API.
The new privacy feature in Adobe's Flash Player will be available first at Google Chrome's developer preview channel for testing.
Dig Deeper on Web Application Security