Digging Deep Into The Flash Sandboxes at Black Hat USA 2012
Posted by Mark Yason and Paul Sabanal on July 16, 2012 at 12:22 PM EDT.
Mark Yason here from the IBM X-Force Advanced Research Team. Just wanted to announce that Paul Sabanal and I will be speaking at the Black Hat USA 2012 conference next week in Las Vegas.
We will be talking about the three different Adobe Flash Player sandbox implementations:
1. Flash Player Protected Mode For Firefox (Firefox Flash)
2. Flash Player Protected Mode For Chrome (Chrome Flash)
3. Flash Player Protected Mode For Chrome Pepper (Pepper Flash)
The first part of our talk will cover the internals of each Flash sandbox implementation, where we will dig deep into the sandbox mechanisms at work. The second part of our talk will cover sandbox security, where we will discuss the limitations/weaknesses of each Flash sandbox implementation followed by a discussion of potential avenues for a sandbox escape. Throughout the discussions, we will also be pointing out differences between each implementation. And finally, we will wrap up our talk by demonstrating a Flash sandbox escape where you will witness and, more importantly, understand how Flash sandbox escape magic is done - in Vegas!
We are very excited to share with you the results of our research. If you’re interested, please stop by our talk!

