As we all know, the Flash Player sandbox was meant to prevent SWF files from reading local files or communicating with the network in any way, thereby blocking many types of malicious attacks. In Adobe’s own words, “assures the user that local data cannot be leaked out to the network or otherwise inappropriately shared.”
I’m sure that at least a few of you have had tough time with this Security Sandbox thing, especially when we try to test something locally, before upload it to the server. Anyways, we have Mr. Billy Rios, a Security Researcher who discovered “an easy way to bypass Flash’s local-with-file system sandbox.”
However, Adobe rated the vulnerability as “moderate”. The reason could be the potential difficulty of translating the vulnerability into a malicious exploit.
Now, someone in Adobe is gonna have some sleepless nights!