Questions tagged [flash]

Risks associated with the Adobe Flash animation file format and its use on the web, as well as Flash player applications. For flash drives, use the tag flash-memory.

Adobe Flash is a file format used on many websites for interactive applications and animations. Adobe Flash Player (often in the form of a browser plugin) is the most common application used to run Flash content.

100 questions

66 votes, 6 answers

Why should we care about Adobe Flash?

I was under the impression that Adobe Flash was dead, and that browsers were no longer natively supporting Flash. Why, therefore, is there a large amount of hype online about a new remote code execution vulnerability in Flash?
KingJohnno

46 votes, 3 answers

For an end-user, is HTML5/JavaScript more secure than Flash?

I’m not talking about server-side security or even necessarily XSS vulnerabilities, as these are attacks on vulnerable services and do not use any pre-existing vulnerabilities on the client side to affect an end user. They will exist as long as web…
Jonathan Gray

20 votes, 2 answers

What was behind the surge of Adobe Flash Player vulnerabilities/patches in 2015?

It's no secret that 2015 was a rough year, security-wise, for Adobe's Flash Player. Aside from Adobe itself beginning to essentially deprecate Flash development largely due to Flash Player's longstanding status as a primary target for attackers, the…
mostlyinformed

19 votes, 4 answers

What tools are there to inspect Flash SWF files?

I am performing a penetration test against a website that uses Flash heavily. What tools can I use to examine the SWF file for vulnerabilities? From the Area51 proposal.
AviD

15 votes, 6 answers

Can Javascript/Flash verify the SSL connection to prevent "SSL Inspection"?

I'd like to determine if an SSL webpage is being debugged through Fiddler, or if it's going through an SSL Proxy. So some people may ask: What is the point of re-validating SSL using JavaScript? My goal is to know when a connection is subject to…
makerofthings7

14 votes, 2 answers

Why are Adobe Flash exploits found so often?

Over the last couple of years Adobe Flash published bug fixes for (zero-day) exploits so often, that the installation is already annoying. But why are exploits so often found in this particular software? One obvious reason: as with all widespread…
user3147268

13 votes, 4 answers

Preventing reverse-engineering of client application

I have a web service which is used by a Flash client. Both the service and the Flash client are produced by me (read: my company). The Flash client communicates with the server over HTTPS. One of the issues we have seen lately is that people…

10 votes, 3 answers

How to perform penetration testing on a Flex application?

Possible Duplicate: What tools are there to inspect Flash SWF files? I have decompiled it, verified the source. All seems fine. Appscan also is not able to find anything in this case. But I just want to be sure that I am not missing anything. It…
p_upadhyay

9 votes, 2 answers

Secure Flash with click to play plugins in the enterprise

In the light of recent repeated critical Flash vulnerabilities there are recommendations to use browser plugins like click-to-play to prevent unnecessary Flash content from automatically loading with every Webpage. I think this is a good idea…
Sebastian B.

9 votes, 2 answers

Is the service join.me actually a huge security risk?

In case you don't know, there is a website called join.me which lets you do screen sharing from a browser, using a flash program that is on the web page. Until I encountered this service, I had no idea that flash was able to do screen reading, as…
Kerbie

8 votes, 2 answers

What is a Flash drive by download?

I've seen many people saying how some sites can infect your computer without actually clicking anything. They said that it was a "Flash Drive By" and it would use flash to download a file of any kind. Does that really exist or could it be something…
moomonkey

8 votes, 2 answers

How to pentest Flash file on webapp with allowscriptaccess=samedomain?

In the course of a pentest I found a Flash movie file (swf) that loads another Flash movie through loadMovie. The HTML is this:
chmeee

6 votes, 1 answer

Should Flash be disabled, or are sandboxes secure enough?

Flash is a hotbed of vulnerabilities. Chrome contains a built-in version of Flash, running in sandboxed mode. Obviously, this method is safer than running Flash as a plugin in either Firefox or IE. But isn't it possible to find a zero day…
Mayank Singh

6 votes, 3 answers

Find if 0-day Flash bug was exploited (on a particular machine)

There have been several critical 0-day exploits in the past days/weeks in Flash alone. Nobody knows how long the 0-days have been exploited, and it is reasonable to expect that there are 0-days being exploited at this moment, but we don't know. The…
Martin Vegter

6 votes, 1 answer

Detecting disabled Chrome plugins using JavaScript

My cable was on the fritz this weekend and I had to visit a friend to watch HBO online. Something weird happened that has been bothering me. I have disabled the Flash plugin on Chrome, since all websites that I use support HTML5 video playback.…
Jedi