The Secret Life of ActionScript

Presented at Summercon 2016, July 15, 2016, noon (50 minutes).

Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes and mitigations are implemented, vulnerabilities in increasingly obscure corners of Flash are coming to light. This presentation describes the attack surface of Flash, with a focus on recently discovered vulnerabilities.

It will start with an overview of Flash vulnerabilities found in the past year, and discuss how the most common types of vulnerabilities work, the potential for future vulnerabilities in these areas and methodologies for finding them. It will also cover some recently reported vulnerabilities that are less typical, their discoverability and exploitability.

This talk will also discuss recent Flash and platform mitigations, and how they impact bug quality and discoverability.

Presenters:

• Natalie Silvanovich
  Natalie Silvanovich is a security researcher on Google Project Zero. She has spent the last seven years working in mobile security, both finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets, and has spoken at several conferences on the subject of Tamagotchi hacking. She is actively involved in hackerspaces and is a founding member of Kwartzlab Makerspace in Kitchener, Ontario, Canada. @natashenka

Links:

• https://www.summercon.org/archives/2016/presentations.html#actionscript

Similar Presentations:

• REcon 2016 / More Flash, More Fun!
• REcon 2012 / Inside AVM
• Black Hat USA 2016 / The Year in Flash