Say What, Flash is More Secure Than HTML5?!
So my favorite script kiddy and copycat, Feross (copied, note the shameless “I discovered” in his Quora post, LoL) Found a social engineering flaw in the HTML5…
All posts
Flash Security
14 postsW
Webcam ClickJacking Revived
Two weeks ago this guy managed to revive my 3 years old Webcam ClickJacking POC and also managed to revive some of the buzz surrounding it. The revived attack…
F
Flash Private Browsing Fixed - Not Good Enough
I was going to congrat Adobe for their fix to the private browsing in Flash, this was my original text: I’m glad to say that Adobe has fixed the minor issue…
A
About the 16 Months Flash Crash Bug
Recently, reports of an old bug in the Flash Player surfaced again. Claiming this bug, that enabled a developer to crash the player, were already reported 16…
K
Kiss And Tell What Is The User Browsing Mode
To know if the user is currently in normal or private browsing mode can be valuable info for any ads providers and spammers, but not only. With the upcoming…
M
Malicious camera spying using ClickJacking
Update: Adobe has fixed this issue by framebusting the Settings Manager pages. Now, 99.9% of the users are protected from this specific exploit. Congrats on…
Thanx for not killing the Flash clipboard
Recently, a questionable Flash feature of writing to the user’s clipboard has been exploited. Adobe will finally fix this feature and it’ll require user…
Encapsulating CSRF attacks inside massively distributed Flash movies - Real world example
Update: Added a sterilized demo and the source code. CSRF (Cross Site Request Forgery) is considered one of the most widely spread exploits in websites today.…
Bug in Internet Explorer security model when embedding Flash
Update: I’ve posted a real world example of this bug being exploited. This one has the same behavior on IE6, IE7 and IE8 betas. I have only tested this with…
M
Mysteries Flash exploit is hijacking the clipboard?
Update: Adobe Product Security Incident Response Team (PSIRT) has referred to this “Clipboard attack” Update 2: Aviv Raff has updated me about the fact that it…
X
XP SP3 downgrade the Flash Player
Update:Apparently SP3 doesn’t downgrade the player. It’ll only install an older version 9.0.115 if you don’t have the latest 9.0.124 already installed,…
S
Security flaws in FLA files
FLA is one of these file format that we’re used to freely open without any fear. Our complete confidence is going to change since a new exploit has been found.…
S
Social Engineering Exploits using Flash
Apparently Adobe has fixed the bug I’ve found that enables a swf file to crash the browser, with the last version of the Flash Player (9,0,115,0). I don’t know…
Too much focus will kill you
I’ve just came across of a way to kill the Flash player with a few lines of AS 2.0. I know of at least one other way of killing the Flash player along with…