Overview
Explore a novel exploitation technique called Use-After-Use-After-Free (UAUAF) for UAF vulnerabilities in Adobe Flash in this 38-minute Black Hat conference talk. Discover how UAUAF transforms a UAF into a multi-class type confusion by leveraging a sequence of object occupations and releases. Learn about gaining full memory access despite recent mitigations added by Adobe. Examine real-world cases, build an exploit step-by-step, and see a Windows 10 example. Gain insights into the implications of this technique for cybersecurity professionals and developers working with Adobe Flash.
Syllabus
Introduction
Use of UAF
RealWorld Case
Build a Exploit
StepByToRage
Windows 10 Example
Conclusion
Taught by
Black Hat