The Year in Flash

Presented at Black Hat USA 2016, Aug. 4, 2016, 2:30 p.m. (50 minutes)

Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes and mitigations are implemented, increasingly complex vulnerabilities and exploits are coming to light. This talk describes notable vulnerabilities and exploits that have been discovered in Flash in the past year. It will start with an overview of the attack surface of Flash, and then discuss how the most common types of vulnerabilities work. It will then go through the year with regards to bugs, exploits and mitigations. It will end with a discussion of the future of Flash attacks: likely areas for new bugs, and the impact of existing mitigations.

Presenters:

• Natalie Silvanovich - Google
  Natalie Silvanovich is a security researcher on Google Project Zero. She has spent the last seven years working in mobile security, both finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets, and has spoken at several conferences on the subject of Tamagotchi hacking. She is actively involved in hackerspaces and is a founding member of Kwartzlab Makerspace in Kitchener, Ontario, Canada.

Links:

• https://www.blackhat.com/us-16/briefings.html#the-year-in-flash
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2016/The Year in Flash.mp4
• https://www.youtube.com/watch?v=F5NUvcTpoDU
• https://www.blackhat.com/docs/us-16/materials/us-16-Silvanovich-The-Year-In-Flash.pdf

Similar Presentations:

• REcon 2016 / More Flash, More Fun!
• Summercon 2016 / The Secret Life of ActionScript
• REcon 2012 / Inside AVM