How security-conscious is this?

[cugone]

By definition an emulator is designed to replicate third-party hardware/software including bugs.

The Ruffle's documentation makes no mention (that I've found) that it actually fixed the security issues that cause Flash to be discontinued in the first place.

Can you confirm that Ruffle is safe?

[Herschel]

Hi,

We seek to be accurate; however, we will not emulate any bugs that cause security issues, and will fix any security issues as we become aware.

Ruffle is written in the Rust programming language, which has a heavy focus on memory safety and should avoid large classes of the Flash Player's security issues. This does not preclude issues in unsafe third party libraries that Ruffle may use (such as audio/video decoders).

Ruffle on web is subject to the security restrictions of modern web browsers and is sandboxed by the JS and WebAssembly runtimes. Exploits here would be exploits in the browser itself. Currently network requests are allowed, so if you run an SWF that makes network requests, data could be sent to a third-party, subject to browser restrictions (see #3042 for more information).

Ruffle on desktop is an application that runs on the user's PC, and thus has a larger surface area and may be more vulnerable. It can also make network requests similar to the web version. Desktop Ruffle currently does not obey the local security sandboxes that the Flash Player obeyed; this means that a malicious SWF running in desktop Ruffle could load a local file, and then send the data to a third-party server.

Ruffle is alpha-quality software. It is being rapidly developed and has not been audited. Use at your own risk. I do NOT recommend it for mission-critical or security-sensitive infrastructure. Specifically, it is NOT recommended to run untrusted SWF content through Ruffle. Malicious SWFs could make network requests, exfiltrate data, play annoying sounds, or hang the user's browser.