Full Disclosure mailing list archives
pacsec hype security advisory: seven words of warning about Flash player nine.
From: Dragos Ruiu <dr () kyx net>
Date: Tue, 10 Oct 2006 15:34:37 -0700
PacSec Hype Security Team Advisory:

"The new Flash player adds network functions!"

Details:

With a minor amount of fanfare "binary socket" support has been added to Flash Player 9 / ActionScript 3.0. The Flash sandbox model is primarily focused on preventing modifications to the local system, and thus there are many ways to bypass the only-connect-back-upstream and port < 1024 limitations on the SWF applet Socket() class. A (potentially malicious) server can override the limit with a cross domain policy file on the server, or it can be overridden locally at the player with a global setting/policy change, or by configuring the applet as trusted.

Adobe has a paper on flash security configuration at:
http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf

The potential for network misuse possible in Flash just went up several orders of magnitude, and as the Adobe site triumphantly proclaims it's apparently in use at 97.3% of networked computers.

I'll avoid some of the more exotic scenarios, lest they give anyone some bad ideas - and leave this caveat at this warning.

Audited the trusted Flash applets on your system lately?

Forewarned is Forearmed.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 27-30 2006 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/