
Bug hunter Paulos Yibelo discovered the security bypass vulnerability in Adobe Flash Player's implementation of the same-origin policy.

Tracked as CVE-2016-7890, it has a CVSS v3 base score of 9.8, placing its severity rating as critical. Flash Player versions 23.0.0.207 and earlier, as well as 11.2.202.644 and earlier, are all vulnerable. The vulnerability is easy to exploit, as an attacker doesn't require special privileges or authentication, so it's essential that administrators install the necessary patches to mitigate the attack.

The same-origin policy security mechanism plays a vital role in the web application security model, as it restricts web content in one domain from interacting with resources from another domain. For instance, a browser will allow the page at to access the document object model (DOM) of a document retrieved from, but not the DOM from a document retrieved from or, as the host name is different in the first case, and the protocol and port are different in the second.

The same-origin policy ensures the protocol, port and host exactly match before resources from one domain can access resources from another. This enables users to visit different sites without them being able to interfere with their sessions from other sites.

Although Flash Player's default security model enforces the same-origin policy, it can make exceptions if a website hosts a cross-domain policy file - an XML document called crossdomain.xml, which specifies how data on a domain can be accessed by a Flash application hosted on a remote domain. If it isn't enforced, a script could read, use or forward data hosted on any webpage, including cookies and session data. Servers in a domain specified in a crossdomain.xml file can read any resource on the server where the policy file resides.

The vulnerability Yibelo discovered allows a local attacker to hijack permissions granted to other Flash applets because the Flash Player fails to implement the same-origin policy correctly.
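The two mechanisms described above, the scheme/host/port same-origin comparison and the crossdomain.xml exceptions to it, as an added Python example that is not part of the article: it implements the origin check and audits a policy file for settings that widen access. The policy documents and hostnames are constructed for the demo.

```python
# Added example (not from the article): a defender-side check of the same-origin
# rule and of crossdomain.xml exceptions. The sample policies are constructed.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def same_origin(url_a: str, url_b: str) -> bool:
    """Same origin only if scheme, host and effective port all match."""
    def origin(url):
        u = urlsplit(url)
        scheme = u.scheme.lower()
        port = u.port if u.port is not None else DEFAULT_PORTS.get(scheme)
        return (scheme, (u.hostname or "").lower(), port)
    return origin(url_a) == origin(url_b)

def audit_crossdomain(xml_text: str) -> list:
    """Flag crossdomain.xml settings that let remote Flash applets read
    this host's data across origins. Returns a list of finding strings."""
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append("domain='*': applets from any site may read this host")
        elif domain.startswith("*."):
            findings.append(f"domain='{domain}': every subdomain is trusted")
        # secure="false" lets an applet loaded over HTTP read HTTPS content
        if el.get("secure", "true").lower() == "false":
            findings.append(f"secure='false' for '{domain}': HTTP applets may read HTTPS data")
    for el in root.iter("allow-http-request-headers-from"):
        if el.get("domain") == "*":
            findings.append("headers from '*': any site may send custom request headers")
    return findings

# Constructed sample policies: a wide-open one and a narrowly scoped one.
PERMISSIVE_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*" secure="false"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

RESTRICTED_POLICY = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="static.example.com" secure="true"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    print(same_origin("https://example.com/a", "https://example.com:443/b"))
    for name, policy in (("permissive", PERMISSIVE_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_crossdomain(policy) or ["no findings"])
```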
