Xu and his collaborators claim that binding code can be vulnerable to inconsistent semantics and various security gaps, which could lead to severe vulnerabilities. Using Cooper, the researchers were able to identify CVE-2021-21035 and CVE-2021-21028, two severe vulnerabilities in Adobe Acrobat.
Cooper’s developers were able to find these errors because the cooperative mutation technique simultaneously modifies the script code and the related document objects to explore various binding code paths. This is an innovative approach and contrasts with other security techniques based on finding flaws in scripts.
Cooper has three main components:
- Object clustering: To begin, Cooper analyzes the given sample documents to extract native objects. to reduce the object search space the tool classifies objects according to their attributes
- Relationship inference: Subsequently, the tool produces a large number of documents by combining different object classes and API groups, recording the execution results of the built-in scripts. based on the success rate of script execution and the distribution of object classes cooper infers the relationships between api groups and object classes
- Relationship-guided mutation: Finally, Cooper leverages the inferred relationship to guide object selection, script generation, and object mutation
Cooper can be described as a fuzzing tool, capable of inferring relationships to guide the process of finding conditions under which scripts and applications engage in unwanted behavior.
The tool is available on the official platforms of the developers.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.