The Adobe Flash VM NULL Pointer Exploit

“A new generic method for exploiting a common problem in software code that was previously thought to be prohibitively difficult to attack is generating a wave of concern and surprise in the security community.”

http://news.bbc.co.uk/2/hi/technology/7358792.stm

This is really just another buffer overflow attack. If the researcher is taking advantage of bugs in the VM, then it is just an old-fashioned exploit.

Because the ‘code’ you execute in a Virtual Machine or interpreter does not directly access the low-level runtime libraries, we assume that the programs we develop cannot cause a buffer exploit. If there is an exploit, then it lies in the VM itself. It is very easy in a low-level language like C or C++ to allow a buffer exploit, simply because of the semantics of some of the library calls. You have to actively check for these issues and have some knowledge of how these exploits arise. When developing code that is executed via a VM, the onus of checking for and blocking this class of exploit is shifted to the application that runs your code, which in this case is the VM itself.

We trust that a VM is checked and tested thoroughly and is free of this kind of bug, so that as developers we need not worry (so much) that our code has some kind of exploit.

If anything, this paper simply reminds us that these VMs are just another application, and if they have holes, those holes can be exploited.
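The post's point that the bounds checking moves into the VM is easy to see in a few lines of C. The example below is added here and is not from the original post, nor from Adobe's Flash code; the toy instruction format, the names vm_run, store_str_checked and store_str_unchecked, and the bytecode samples are all constructed for illustration. It puts a handler that trusts the length byte in the bytecode beside one that checks that length against both the remaining bytecode and the destination register before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy VM with one opcode, STORE_STR (0x01): the operand is a
 * length byte followed by that many bytes of string data, copied into a
 * fixed-size register. Constructed for this example; not Flash's design. */
#define OP_STORE_STR 0x01
#define REG_SIZE     16

typedef struct {
    char reg[REG_SIZE];
} vm_t;

/* Unchecked handler: trusts the length byte the bytecode supplies. A length
 * above REG_SIZE overruns the register, and a length beyond the end of the
 * bytecode reads past the input buffer. Shown only for contrast; it is not
 * wired into vm_run and must never be run on untrusted input. */
int store_str_unchecked(vm_t *vm, const uint8_t *operand, size_t avail)
{
    size_t n = operand[0];
    (void)avail;                    /* the bound exists but is ignored */
    memcpy(vm->reg, operand + 1, n);
    vm->reg[n] = '\0';
    return 0;
}

/* Checked handler: every bound the bytecode could violate is verified
 * before memory is touched. Returns 0 on success, -1 on rejection. */
int store_str_checked(vm_t *vm, const uint8_t *operand, size_t avail)
{
    if (vm == NULL || operand == NULL || avail < 1)
        return -1;
    size_t n = operand[0];
    if (n + 1 > avail)              /* operand claims more data than present */
        return -1;
    if (n >= REG_SIZE)              /* must leave room for the terminator */
        return -1;
    memcpy(vm->reg, operand + 1, n);
    vm->reg[n] = '\0';
    return 0;
}

/* Dispatch one instruction. Returns 0 on success, -1 on rejection. */
int vm_run(vm_t *vm, const uint8_t *code, size_t code_len)
{
    if (vm == NULL || code == NULL || code_len < 1)
        return -1;
    memset(vm->reg, 0, sizeof vm->reg);
    switch (code[0]) {
    case OP_STORE_STR:
        return store_str_checked(vm, code + 1, code_len - 1);
    default:
        return -1;                  /* unknown opcode: refuse, don't guess */
    }
}

/* Constructed bytecode samples. */
const uint8_t SAMPLE_GOOD[]      = { OP_STORE_STR, 5, 'h', 'e', 'l', 'l', 'o' };
const uint8_t SAMPLE_TRUNCATED[] = { OP_STORE_STR, 5, 'h', 'i' };   /* claims 5 bytes, carries 2 */
const uint8_t SAMPLE_OVERSIZED[] = { OP_STORE_STR, 20,               /* 20 >= REG_SIZE */
                                     'A','A','A','A','A','A','A','A','A','A',
                                     'A','A','A','A','A','A','A','A','A','A' };

/* Runs one sample through the checked VM and reports whether it behaved as
 * expected: 'expect' is the register contents on success, or NULL when the
 * sample must be rejected. Returns 1 if the behaviour matches, 0 otherwise. */
int check_sample(const uint8_t *code, size_t code_len, const char *expect)
{
    vm_t vm;
    int rc = vm_run(&vm, code, code_len);
    if (expect == NULL)
        return rc == -1;
    return rc == 0 && strcmp(vm.reg, expect) == 0;
}

int main(void)
{
    printf("good:      %s\n", check_sample(SAMPLE_GOOD, sizeof SAMPLE_GOOD, "hello") ? "accepted" : "FAIL");
    printf("truncated: %s\n", check_sample(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, NULL) ? "rejected" : "FAIL");
    printf("oversized: %s\n", check_sample(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, NULL) ? "rejected" : "FAIL");
    return 0;
}
```

Only the checked handler is reachable from vm_run; the unchecked one exists so the two can be read side by side. The checks are ordered so that the length byte is compared against the bytecode actually present before it is compared against the register, which is the same discipline a real VM or file parser needs for every length field it reads from its input.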

About James McParlane

CTO Massive Interactive. Ex Computer Whiz Kid - Now Grumpy Old Guru.

1 Response to The Adobe Flash VM NULL Pointer Exploit

  1. Will says:

    There’s some pretty interesting info from Matasano Chargen analysing this exploit.

    http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/

    The Whitepaper on the actual exploit is pretty heavy reading: http://documents.iss.net/whitepapers/IBM_X-Force_WP_final.pdf

    The scary thing about this is the wide range of target platforms – one of the comments from Mark Dowd on the Matasano Chargen blog was that he saw no reason for being able to exploit Flash 8 as well as Flash 9, and on every platform in existence.
