Internet Security Systems - AlertCon(TM)

Digging Deep Into The Flash Sandboxes at Black Hat USA 2012

Posted by Mark Yason and Paul Sabanal on July 16, 2012 at 12:22 PM EDT.

Mark Yason here from the IBM X-Force Advanced Research Team. Just wanted to announce that Paul Sabanal and I will be speaking at the Black Hat USA 2012 conference next week in Las Vegas.

We will be talking about the three different Adobe Flash Player sandbox implementations:

1. Flash Player Protected Mode For Firefox (Firefox Flash)
2. Flash Player Protected Mode For Chrome (Chrome Flash)
3. Flash Player Protected Mode For Chrome Pepper (Pepper Flash)

The first part of our talk will cover the internals of each Flash sandbox implementation, where we will dig deep into the sandbox mechanisms at work. The second part of our talk will cover sandbox security, where we will discuss the limitations/weaknesses of each Flash sandbox implementation, followed by a discussion of potential avenues for a sandbox escape. Throughout the discussions, we will also be pointing out differences between each implementation. And finally, we will wrap up our talk by demonstrating a Flash sandbox escape where you will witness and, more importantly, understand how Flash sandbox escape magic is done - in Vegas!

We are very excited to share with you the results of our research. If you’re interested, please stop by our talk!
