Digging Deep Into the Flash Sandboxes

Explore the intricate world of Flash sandboxing technology in this Black Hat USA 2012 conference talk. Delve into the internals of three sandbox implementations for Adobe's Flash Player: Protected Mode Flash for Chrome, Protected Mode Flash for Firefox, and Pepper Flash. Gain insights into the high-level architecture of each sandbox implementation, understanding the roles of different processes and their interconnections. Examine the internal sandbox mechanisms, including restrictions, IPC protocols, and services exposed by higher-privileged processes. Analyze the security aspects, current limitations, and weaknesses of each implementation, and discover potential avenues for sandbox bypasses or escapes. Compare and contrast the various differences between these implementations throughout the presentation. Witness demonstrations of Flash sandbox escape vulnerabilities uncovered during the research process.

Introduction
Overview
Targets
Sandbox Architecture
Sandbox Mechanism
Sandbox Restrictions
Interprocess Communication
Services Exposed
Policy Engine
Sandbox Limitations
Sandbox Escapes
Demo