Adobe Flash continues to be a popular target for attackers in the wild. As an increasing number of bug fixes and mitigations are implemented, increasingly complex vulnerabilities and exploits are coming to light. This talk describes notable vulnerabilities and exploits that have been discovered in Flash in the past year.
It will start with an overview of the attack surface of Flash, and then discuss how the most common types of vulnerabilities work. It will then go through the year with regards to bugs, exploits and mitigations. It will end with a discussion of the future of Flash attacks: likely areas for new bugs, and the impact of existing mitigations.
Natalie Silvanovich is a security researcher on Google Project Zero. She hasspent the last seven years working in mobile security, both finding securityissues in mobile software and improving the security of mobile platforms.Outside of work, Natalie enjoys applying her hacking and reverse engineeringskills to unusual targets, and has spoken at several conferences on thesubject of Tamagotchi hacking. She is actively involved in hackerspaces and isa founding member of Kwartzlab Makerspace in Kitchener, Ontario, Canada.