Bypass the Security Sandbox!

11 Jan

As we all know, the Flash Player sandbox was meant to prevent SWF files from reading local files or communicating with the network in any way, thereby blocking many types of malicious attacks. In Adobe’s own words, it “assures the user that local data cannot be leaked out to the network or otherwise inappropriately shared.”

I’m sure that at least a few of you have had a tough time with this Security Sandbox thing, especially when we try to test something locally before uploading it to the server. Anyway, we have Mr. Billy Rios, a security researcher who discovered “an easy way to bypass Flash’s local-with-file system sandbox.”

However, Adobe rated the vulnerability as “moderate”. The reason could be the potential difficulty of translating the vulnerability into a malicious exploit.

SWF files in this sandbox can’t call JavaScript or make direct HTTP or HTTPS requests, but they can make file requests to a remote server. Rios tapped the mhtml protocol handler that’s built into Windows 7, which launches with no warning to the user. With mhtml, it’s not a big deal to bypass the Flash sandbox and send data to a remote server without the user ever knowing that the exploit occurred.
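A defender-side sketch of the point above, added here and not taken from the original post or from Rios's research: it sorts request targets pulled from a local SWF by whether they stay on the machine, go out as a file request to another host, or are handed to an OS protocol handler such as mhtml. The sample strings, host names and category names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: targets as they might appear in a local SWF's string
# table or in a request trace. None of these come from the original post.
SAMPLE_REQUESTS = [
    "data/settings.xml",
    "C:\\Users\\test\\report.txt",
    "file:///C:/Users/test/report.txt",
    "file://fileserver.example/share/report.txt",
    "\\\\fileserver.example\\share\\report.txt",
    "http://collector.example/log",
    "mhtml:http://collector.example/log",
]

SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$", re.S)
DIRECT = {"http", "https", "ftp"}  # schemes the sandbox is described as blocking
LEAVES_HOST = {"direct-network", "remote-file", "handler-remote"}


def classify(target: str) -> str:
    """Label one request target by where it would send data."""
    target = target.strip()
    if target.startswith(("\\\\", "//")):
        return "remote-file"  # UNC-style path: a file request to another host
    m = SCHEME_RE.match(target)
    if not m or len(m.group(1)) == 1:
        return "local"  # relative path, or a drive letter such as C:\
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme == "file":
        host = urlsplit(target).netloc
        return "local" if host in ("", "localhost") else "remote-file"
    if scheme in DIRECT:
        return "direct-network"
    # Any other scheme is passed to an OS protocol handler; look inside it.
    return "handler-remote" if classify(rest) in LEAVES_HOST else "handler-other"


def needs_review(targets):
    """Targets that are not plain local reads and not direct network requests."""
    skip = {"local", "direct-network"}
    return [(t, c) for t in targets if (c := classify(t)) not in skip]


if __name__ == "__main__":
    for target, category in needs_review(SAMPLE_REQUESTS):
        print(f"{category:15} {target}")
```

Direct `http`/`https` targets are left out of the review list because they are the requests the sandbox is described as refusing; the remote file requests and handler-wrapped targets are the ones worth a closer look.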

Now, someone in Adobe is gonna have some sleepless nights!

Posted by on January 11, 2011 in Adobe, Adobe Flash, Adobe Flex, Bugs, Flash