
Type Juggling

  1. Type Juggling
    1. Description
    2. Impact
    3. Prevention
    4. Testing

Description

Type Juggling (also known as Type Confusion) is a class of vulnerability in which an object is initialized or accessed as the incorrect type, allowing an attacker to potentially bypass authentication or undermine the type safety of an application, possibly leading to arbitrary code execution.

Impact

A successful Type Juggling attack can result in the complete compromise of the confidentiality, integrity, and availability of the target system. For example, the type confusion vulnerability CVE-2015-0336 in Adobe Flash Player allows an attacker to execute arbitrary code, which could lead to unauthorized access or the modification of data.

Prevention

In development, it is essential to ensure that resources are initialized and accessed as the intended type.

In statically-typed languages, take extra care where type casting occurs, using the strictest cast or type possible (e.g., when handling a subclass, cast to the subclass rather than the parent). In a dynamically-typed language, type casting can occur implicitly. For example, in PHP, "0e1" == "0" evaluates to true, as 0e1 is cast to the integer 0. In these cases, it is important to use strict comparators such as === in PHP.
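The difference between loose and strict comparison described above, as an added example that is not part of the original page. The function names and the sample values are constructed for illustration; hash_equals() is PHP's built-in timing-safe string comparison and is used here as one hardened option alongside ===.

```php
<?php
declare(strict_types=1);

// Constructed sample values: two different strings that both have the
// form "0e<digits>", which PHP reads as a number in scientific notation.
$stored   = '0e1234';
$supplied = '0e9999';

/** Loose comparison: numeric-looking strings are compared as numbers. */
function looseMatch($known, $user): bool
{
    return $known == $user;
}

/** Strict comparison: type and value must both match, no conversion. */
function strictMatch($known, $user): bool
{
    return $known === $user;
}

/** Type check first, then a constant-time string comparison. */
function secretMatch($known, $user): bool
{
    if (!is_string($known) || !is_string($user)) {
        return false; // e.g. an int or array decoded from JSON
    }
    return hash_equals($known, $user);
}

// Constructed inputs: a different "0e" string, an integer as it would
// arrive from json_decode('{"token": 0}'), and the genuine value.
$cases = [
    'different 0e string' => $supplied,
    'integer 0 from JSON' => json_decode('{"token": 0}', true)['token'],
    'exact stored value'  => $stored,
];

foreach ($cases as $label => $input) {
    printf(
        "%-20s loose=%s strict=%s hash_equals=%s\n",
        $label,
        var_export(looseMatch($stored, $input), true),
        var_export(strictMatch($stored, $input), true),
        var_export(secretMatch($stored, $input), true)
    );
}
```

The loose column reports a match for all three inputs, while the strict and hash_equals columns match only the exact stored value.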

Testing

Verify that data is strongly typed and validated against a defined schema. Verify also that strict comparison is used wherever possible and that objects cannot be initialized with or accessed through the incorrect type.

