P16: a blog by Matt Kangas home archive
18 Apr 2008

Insane tech geekery: inside Mark Dowd's Flash bytecode exploit

Matasano Chargen » This New Vulnerability: Dowd’s Inhuman Flash Exploit

I love this quote:

If you’re not an exploit writer, think of it this way: you know that crazy version of Super Mario Brothers that Japan refused to ship to the US markets because they thought the difficulty would upset and provoke us.

I suppose you would have to have some experience in assembly-language programming to understand anything else in that blog post, but I was laughing at the writing -- Mark Dowd truly is a cyborg! Who else could think of an attack like this?

Also note the screen-shots from "Pitfall", circa Atari 2600, breaking up the otherwise dull technical writing. :)

For non-techies: this is about one specific mechanism by which "bad guys" can make "bad code" run on your computer, despite your best intentions. The fact that it occurs in the Adobe Flash Player means that many people could be vulnerable.

Note that another fellow recently won a MacBook Air by remotely taking control of the MacBook Air -- in this case, also via Flash Player vulnerabilities.

Bad Flash!