Posted by Jann Horn on May 29

Summary:
Flash by design allows local SWF files to read arbitrary local files, but
prevents communication with remote servers. By smuggling data through a timing
side-channel, this restriction can be circumvented, allowing local SWF files to
exfiltrate the contents of arbitrary local files to the internet.

Some more details:
Flash runs normal local SWF files under local-with-file-system restrictions,
which are documented at
<…