Treffer: FLASH IN THE DARK: ILLUMINATING THE LANDSCAPE OF ACTIONSCRIPT WEB SECURITY TRENDS AND THREATS.

As one of the foremost scripting languages of the World Wide Web, Adobe's ActionScript Flash platform now powers multimedia features for a significant percentage of all web sites. However, its popularity and complexity have also made it an attractive vehicle for myriad malware attacks over the past six years. Despite the perniciousness and severity of these threats, ActionScript has been significantly less studied in the scholarly security literature than the other major web scripting language - JavaScript. To fill this void and stimulate future research, this paper presents a systematic study of Flash security threats and trends, including a finer-grained taxonomy of Flash software vulnerability classes, a detailed investigation of over 700 Common Vulnerability and Exposure (CVE) articles reported between 2008-2016, and an examination of the fundamental research challenges that distinguish Flash security from other web technologies. The results of these analyses provide researchers, web developers, and security analysts a better sense of this important attack space, and identify the need for stronger security practices and defenses for protecting users of these technologies. [ABSTRACT FROM AUTHOR]