Adobe Flash Player Vulnerable to Interceptions of Windows Credentials

By

At the beginning of August, Flash Player had to be updated again after a researcher reported an issue in the original patch. The latest version of Flash Player has been released previous to this patch and had a serious security vulnerability which would have put every user at risk by having all their credentials intercepted.

Flash Player 26 Could Have Compromised User Credentials

Bjorn Ruytenberg reported this issue after the updated Flash Player didn’t solve it. Flash Player 23 killed off a sandbox escape and Ruytenberg discovered that the update compromised the computer, exposing it to an attacker.

The attacker could have been pretty simple and it could redirect the traffic to the remote SMB server. It would also intercept Windows credentials. The attacker could also infect the computer via e-mail or sharing files with malicious Flash apps inside.

The attack will only work on Internet Explorer and Firefox (and any other program which uses them), whereas Google Chrome and Microsoft Edge are safe; the latter two will not accept Flash to connect to the SMB server.

In the older Flash version, Adobe improved their software, preventing it to connect to a remote server. But Ruytenberg was able to use an old Windows vulnerability redirecting to SMB to see if he could take advantage of the bug. Although Flash 23 wouldn’t load from SMB servers, and will reject UNC, File-style paths and those that don’t have an http/https prefix. But Ruytenberg was able to change the path by abusing the bug allowing him to Redirect-to-SMB server.

Ruytenberg was successful in forcing Flash Player to connect to a SMB server and get the user credentials from the computer which fell victim to the Flash vulnerability.

Adobe Quickly Fixed the Issue

He reported that Flash Player hasn’t been properly updated, putting users to risk. Adobe was quick to react to this report. They released this latest patch on August 8 in order to solve the severe issue and fix any security vulnerability.

You may also like