As part of an ongoing investigation into Adobe Flash SOP bypass techniques, we identified a vulnerability affecting old releases of the Adobe Flex SDK compiler. Further investigation traced the issue back to a well known vulnerability (CVE-2011-2461), already patched by Adobe. Old vulnerability, let's move on? Not this time. CVE-2011-2461 is a very interesting bug. As long as the SWF file was compiled with a vulnerable Flex SDK, attackers can still use this vulnerability against the latest web browsers and Flash plugin. Even with the most recent updates, vulnerable Flex applications hosted on your domain can be exploited. In this presentation, we will disclose the details of this vulnerability (Adobe has never released the full technical details) and we will discuss how we conducted a large scale analysis of popular websites, resulting in the identification of numerous Alexa Top 50 sites vulnerable to this bug. Finally, we will also release a custom tool and a Burp plugin capable of detecting vulnerable SWF applications. If you're a breaker, you will learn a new technique and enjoy our exploits. If you're a builder, you will learn how to mitigate this attack. In both cases, you can help us eradicate CVE-2011-2461. After all, Troopers is about making the world a safer place.
Luca Carettoni is a security researcher with over 12 years of experience in the application security field. At LinkedIn, he leads a team responsible for identifying new security vulnerabilities in applications, infrastructure and open source components. Prior to that, Luca worked as the Director of Information Security at Addepar, a company that is reinventing global wealth management. Proud to be a Matasano Security alumnus, he was a penetration tester for most of his career. For many years, he has been an active participant in the security community and a member of the Open Web Application Security Project (OWASP). Luca holds a Master's Degree in Computer Engineering from the Politecnico di Milano University.
Mauro Gentile is a Security Consultant at Minded Security. He holds a Master of Science in Computer Engineering from the University of Rome "Sapienza". His professional experience is focused on application security and vulnerability research; his daily activities consist of penetration testing and source code analysis of web and mobile applications. His primary research interests are web browser security and web application security; he has responsibly reported vulnerabilities to big companies and participated in bug bounty programs.