Flash Player security


Transcript of Flash Player security

Page 1: Flash Player security

Flash Player Security

The core of the Platform is the Flash Player

Page 2: Flash Player security

• +12 years working with the Flash Platform (Flash, Flex, AIR, ActionScript, Flash servers and more)

• Information Security Consultant focused on web security, wireless communications, cryptography.

• Co-founder of the AATC Activ

Alberto González

Page 3: Flash Player security

Adobe Flash Player

• A cross-platform browser-based application runtime that provides viewing of expressive applications, content and videos across browsers and operating systems.

Page 4: Flash Player security

Flash Player settings

Page 5: Flash Player security

Flash Player settings

Page 6: Flash Player security

Virus invulnerability?

Page 7: Flash Player security

Flashback!

Page 8: Flash Player security

Flashback

• September 2011

• Trojan for Mac OS X, distributed as a fake Flash Player installer

• Sends data such as passwords and credit card numbers to servers controlled by the attackers

• Infected machines join a botnet

• New variant in 2012 (spreading through Java)

– Shows a window asking for an administrative password

– Shows a window asking you to accept a certificate from Apple

Page 9: Flash Player security

Prevention

• Install all software directly from the vendor's website

– Download and install Flash Player only from Adobe.com

• Install the Java update through Software Update in Mac OS X

• Check for infections at http://www.flashbackcheck.com/

Page 10: Flash Player security

Java update for Mac OS X

Page 11: Flash Player security

Protect your Mac

• Use an antivirus

• Use an account without administrative privileges for day-to-day work

• Use strong and complex passwords

• Use a web browser that isolates plugins and content in separate sandboxed processes (Chrome, Firefox)

• Keep Java, Flash Player and Adobe Reader updated

• Disable network interfaces when not in use (AirPort, Bluetooth)

• Encrypt the hard drive (FileVault)

Page 12: Flash Player security

Flash Player behaviour in browsers


Page 13: Flash Player security

Protected mode, privacy mode and sandboxes

• Flash Player runs in protected mode

– The plugin runs in low-privilege processes separate from the browser, so a compromised player has fewer OS rights to abuse

• Flash Player runs within its own sandbox

– Limits the OS permissions available to Flash Player content

• Flash Player also runs within the browser's sandbox

– Limited permissions on the device

Page 14: Flash Player security

Protected mode, privacy mode and sandboxes

• Flash Player supports private browsing and storage deletion options

• Webcam and microphone access is denied by default; the user has to grant it explicitly

Page 15: Flash Player security

Flash Player background updater

Page 16: Flash Player security

Demo

Audio Security

Page 17: Flash Player security

More security features in Flash Player

• Support for SSL/TLS socket connections

– SSL >= 3.0

– TLS >= 1.0

– flash.net.SecureSocket (validates the server certificate against the system trust store)

• Cryptographically secure random number generator

– flash.crypto.generateRandomBytes()
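As an added example (not part of the original slides and not Adobe's own code), the ActionScript 3 class below exercises both features: it connects with flash.net.SecureSocket, checks serverCertificateStatus once the TLS handshake completes, and sends a nonce drawn from flash.crypto.generateRandomBytes() rather than Math.random(). The host and port are placeholders, and the 1-to-1024-byte-per-call limit the helper works around is the documented limit of generateRandomBytes(). When run as a browser plugin rather than in AIR, the target host also has to serve the usual socket policy file, as for any Socket connection.

```actionscript
package {
    import flash.crypto.generateRandomBytes;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.events.IOErrorEvent;
    import flash.events.ProgressEvent;
    import flash.events.SecurityErrorEvent;
    import flash.net.SecureSocket;
    import flash.security.CertificateStatus;
    import flash.utils.ByteArray;

    // Added example: TLS connection with certificate-status check plus a
    // nonce from the cryptographic RNG. Not code from the original deck.
    public class SecureSocketExample extends Sprite {
        // Hypothetical endpoint; substitute a host and port you control.
        private static const HOST:String = "tls.example.test";
        private static const PORT:int = 443;

        private var socket:SecureSocket;

        public function SecureSocketExample() {
            // Not every runtime build ships SecureSocket; check first.
            if (!SecureSocket.isSupported) {
                trace("SecureSocket is not supported on this runtime");
                return;
            }
            socket = new SecureSocket();
            socket.addEventListener(Event.CONNECT, onConnect);
            socket.addEventListener(ProgressEvent.SOCKET_DATA, onSocketData);
            socket.addEventListener(IOErrorEvent.IO_ERROR, onIOError);
            socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, onSecurityError);
            socket.addEventListener(Event.CLOSE, onClose);
            socket.connect(HOST, PORT);
        }

        private function onConnect(e:Event):void {
            // CONNECT fires only after the handshake, which includes the
            // runtime validating the server certificate. Defensive check:
            // refuse to send anything unless the status is "trusted".
            if (socket.serverCertificateStatus != CertificateStatus.TRUSTED) {
                trace("Unexpected certificate status: " + socket.serverCertificateStatus);
                socket.close();
                return;
            }
            // 32 bytes from the OS-backed CSPRNG; Math.random() is not
            // suitable for nonces, session tokens or keys.
            var nonce:ByteArray = randomBytes(32);
            trace("Sending nonce " + toHex(nonce));
            socket.writeBytes(nonce);
            socket.flush();
        }

        private function onSocketData(e:ProgressEvent):void {
            var reply:ByteArray = new ByteArray();
            socket.readBytes(reply, 0, socket.bytesAvailable);
            trace("Received " + reply.length + " bytes");
        }

        private function onIOError(e:IOErrorEvent):void {
            // Certificate failures (expired, untrusted signer, name mismatch,
            // revoked) end here; serverCertificateStatus says which one.
            trace("Connection failed: " + e.text +
                  " / certificate status: " + socket.serverCertificateStatus);
        }

        private function onSecurityError(e:SecurityErrorEvent):void {
            // In the browser plugin a missing socket policy file lands here.
            trace("Security error: " + e.text);
        }

        private function onClose(e:Event):void {
            trace("Connection closed by peer");
        }

        // generateRandomBytes() accepts 1..1024 bytes per call (documented
        // limit); this helper chunks larger requests.
        public static function randomBytes(count:uint):ByteArray {
            var out:ByteArray = new ByteArray();
            while (count > 0) {
                var n:uint = count > 1024 ? 1024 : count;
                out.writeBytes(generateRandomBytes(n));
                count -= n;
            }
            out.position = 0;
            return out;
        }

        private static function toHex(bytes:ByteArray):String {
            var s:String = "";
            for (var i:int = 0; i < bytes.length; i++) {
                var h:String = bytes[i].toString(16);
                s += (h.length < 2 ? "0" : "") + h;
            }
            return s;
        }
    }
}
```

Compile with mxmlc (or package as an AIR application) and watch the trace output: a valid certificate leads to CONNECT and the nonce being sent, while an untrusted or mismatched certificate never reaches onConnect and instead reports its status from onIOError.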

Page 18: Flash Player security

Questions ?

@albertx

http://albertx.mx/blog