pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+



Advisory:

"The new Flash player adds network functions!"

Details:

With a minor amount of fanfare "binary socket" support has been
added to Flash Player 9 / ActionScript 3.0. The Flash sandbox model
is primarily focused on preventing modifications to the local system,
and thus there are many ways to bypass the only-connect-back-upstream
and port<1024 limitations on the SWF applet Socket() class. A
(potentially malicious) server can override the limit with a
cross domain policy file on the server, or it can be overriden
locally at the player with a global setting/policy change, or
by configuring the applet as trusted.

Adobe has a paper on flash security configuration at:
http://www.adobe.com/devnet/flashplayer/articles/flash_player_9_security.pdf

The potential for network misuse possible in Flash just went up
several orders of magnitude, and as the Adobe site triumphantly
proclaims, it's apparently in use at 97.3% of networked computers.
I'll avoid some of the more exotic scenarios, lest they give
anyone some bad ideas - and leave this caveat at this warning.

Audited the trusted Flash applets on your system lately?

Forewarned is Forearmed.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 27-30 2006 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp



Relevant Pages

  • [Full-disclosure] pacsec hype security advisory: seven words of warning about Flash player nine.
    ... PacSec Hype Security Team Advisory: ... "The new Flash player adds network functions!" ... The potential for network misuse possible in Flash just went up ...
    (Full-Disclosure)
  • Re: network flash update question
    ... Is there a good how-to on this (setting up a network flash server) or did you piece it together from different sections? ... "Dean Ramsier" wrote: ... > the flash was exposed as a network file system that allowed for the update ...
    (microsoft.public.windowsce.platbuilder)
  • [VulnWatch] pacsec hype security team: 7 words of warning about Macromedia Flash Player 9+
    ... "The new Flash player adds network functions!" ... With a minor amount of fanfare "binary socket" support has been ... The potential for network misuse possible in Flash just went up ...
    (VulnWatch)
  • >>>> INSTALL FLASH <<<<
    ... Can't Install Flash Without Administrative Privileges ... Install Flash Player ... Install Adobe Flash Player ...
    (talk.politics.misc)
  • Re: Some controls cant be activated
    ... First, if I View> Toolbars> Control Toolbox and then click on the "More Controls" button, both "Shockwave Active X Control" and "Shockwave Flash Object" are listed. ... I downloaded and ran the Flash Player uninstaller from Adobe and then rebooted. ... you may want to manually download the installer for use ...
    (microsoft.public.powerpoint)