‘Blitzableiter’ Protects Against Flash Player Exploits

A German security researcher has released an open-source tool that analyses and cleans up Flash code before playback to
prevent security holes in Adobe Flash Player from being exploited.

The tool, called “Blitzableiter” (lightning rod), is the brainchild of Felix “FX” Lindner, a well-known hacker who presented it at the 26th Chaos Communication Congress (26C3).

The H Security explains:

To prevent the frequently recurring security issues in Adobe’s software
from being exploited, the Blitzableiter tool checks SWF files for their
integrity. Embedded ActionScript code is detected, analysed and cleaned
up. The wrapper can also verify whether embedded objects such as JPEG
images comply with the specification.

In the future, Lindner plans to include the checking of embedded multimedia objects and the support of AVM2.

Here’s a link to Blitzableiter’s main project page.
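
As an added illustration (not Blitzableiter's code and not part of the original article), this is what a container integrity check of the kind described above looks like in Python: it walks the SWF tag stream, rejects files whose declared lengths do not match the data, and lists the tags that carry ActionScript. The function names, the 64 MiB size limit and the sample bytes are assumptions made for this example.

```python
import struct
import zlib

# SWF tag codes that carry ActionScript (AVM1 bytecode or an AVM2 ABC block).
SCRIPT_TAGS = {12: "DoAction", 59: "DoInitAction", 82: "DoABC"}
# Constructed sample: empty RECT, 12 fps, 1 frame, one DoAction tag, End tag.
SAMPLE = b"FWS\x08" + struct.pack("<I", 18) + b"\x00\x00\x0c\x01\x00\x01\x03\x00\x00\x00"

def walk_tags(data):
    """Validate the SWF container and return [(tag_code, body_length), ...]."""
    if len(data) < 8 or data[:3] not in (b"FWS", b"CWS"):
        raise ValueError("not a supported SWF header")
    declared = struct.unpack_from("<I", data, 4)[0]
    if not 15 <= declared <= 64 << 20:        # upper bound is an assumed policy limit
        raise ValueError("implausible declared length")
    body = data[8:]
    if data[:3] == b"CWS":                    # zlib body; cap the output size
        try:
            body = zlib.decompressobj().decompress(body, declared - 7)
        except zlib.error as exc:
            raise ValueError("bad zlib stream") from exc
    if len(body) + 8 != declared:
        raise ValueError("declared length does not match actual length")
    nbits = body[0] >> 3                      # RECT: 5-bit field width, 4 fields
    pos = (5 + 4 * nbits + 7) // 8 + 4        # skip RECT, frame rate, frame count
    tags = []
    while True:
        if pos + 2 > len(body):
            raise ValueError("tag header past end of file (no End tag)")
        head = struct.unpack_from("<H", body, pos)[0]
        pos += 2
        code, length = head >> 6, head & 0x3F
        if length == 0x3F:                    # long form: 32-bit length follows
            if pos + 4 > len(body):
                raise ValueError("truncated long tag header")
            length = struct.unpack_from("<I", body, pos)[0]
            pos += 4
        if pos + length > len(body):
            raise ValueError("tag %d overruns the file" % code)
        tags.append((code, length))
        pos += length
        if code == 0:                         # End tag closes the stream
            break
    if pos != len(body):
        raise ValueError("data after End tag")
    return tags

def script_tags(data):
    """Names of the ActionScript-bearing tags found in a structurally valid file."""
    return [SCRIPT_TAGS[c] for c, _ in walk_tags(data) if c in SCRIPT_TAGS]
```

A file that fails any of these checks raises `ValueError` and would not be handed to the player at all.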
