It took 11.2th version for Adobe Flash Player

By YGN Ethical Hacker Group -
It took 11.2th version for Adobe Flash Player to implment secure automatic update to prevent users from being exploited.






All previous versions

 All previous versions of the Updater program asked user to manually install the update, which did not always guarantee the update would actually be installed. It even had "Don't remind me" feature to users. These reasons may indicate the reason Flash exploits  have been top successful exploits among black undergrounds.

 

Past Flash Exploits

http://osvdb.org/search?search%5Bvuln_title%5D=adobe+flash&search%5Btext_type%5D=alltext

IDDisc DateTitle
807072012-03-28Adobe Flash Player / AIR NetStream Class Unspecified Memory Corruption
807062012-03-28Adobe Flash Player / AIR Unspecified ActiveX Control URL Security Domain Checking Memory Corruption
798172012-03-05Adobe Flash Player Matrix3D Unspecified Memory Corruption
798182012-03-05Adobe Flash Player Unspecified Integer Errors Information Disclosure
793002012-02-15Adobe Flash Player Unspecified Remote Memory Corruption
792962012-02-15Adobe Flash Player Unspecified XSS



Comments

Post a Comment

Popular posts from this blog

Bypassing referrer check with no script involved

By YGN Ethical Hacker Group -
No more to use scripting approach like https://github.com/knu/noreferrer This useful meta tag helps for CSRF POC preparation when you come across an application that checks referrer header: <meta name="referrer" content="no-referrer"> https://caniuse.com/#feat=referrer-policy
Read more

Jumping out of Touch Screen Kiosks

By YGN Ethical Hacker Group -
Image
Background: Nowadays, the use of large touch screen kiosks has been prevalent.  They are to replace tradition paper-based brochures and to provide more interactive means to consumers. In restaurants, you can see a variety of food menu that can be accessible in large touch screen LCD monitor.  In your local Telcos, you can see a variety of mobile and Internet subscriptions plans.   Behind these touch screen menus are running standalone or browser-mode Adobe Flash applications which are second-to-none for interactivity and scalablity and ease of update. Data could be pulled from somewhere round their centralized web severs. Weakness: Jumping out We cannot use  iKat  at first as we do not have access to any keyboard facility. However, the trick is no-brainer. Do long press on any locations and relieve.  You should see the usual Flash context menu like: Touch "Global Settings".  A web browser window will pop up and redirect to the Adobe ...
Read more