We recently launched Figma plugins, the next phase of our platform efforts. As those of you who read our engineering blog post know, we did a lot of research to figure out how to safely run 3rd-party code on figma.com. We eventually settled on a technology called the Realms shim to do this.
A little over two weeks ago, several independent vulnerabilities were recently discovered with the Realms shim that could have allowed code inside the sandbox to escape. We promptly fixed the vulnerabilities, and after auditing all published Figma plugins we have no evidence that the vulnerabilities were ever exploited by a Figma plugin. We then went further and made a fundamental change to our technology stack to help prevent this type of vulnerability from happening again in the future. Please read the remainder of this post for more details.
Before we talk about the vulnerabilities, it’s useful to have background on the security principles of Figma plugins.
Figma seeks to ensure that plugins can:
Figma seeks to ensure that plugins can’t:
Figma's Organization tier has an additional security feature: administrators can configure a whitelist of plugins that are allowed inside the organization. This can be used to prevent untrusted plugins from being run in any file in that organization.
There were two rounds of vulnerability disclosures, one published as a public GitHub issue and the rest published as a private GitHub security advisory. Please refer to this blog post. Had these vulnerabilities been exploited, the restrictions that Figma puts on plugins (described above) could have been bypassed.
Agoric, the team that makes the Realms shim, promptly notified us once the first vulnerability was disclosed and worked closely with us and with other companies that use the Realms shim to make sure the fixes were rolled out responsibly to minimize risk. All fixes have now finished rolling out and all details about the vulnerabilities have now been made public.
To ensure the security of our users, the main actions we took were to:
First, we prevented new plugins from being published to the community hub. We can do that by simply halting plugin reviews, since all new Figma plugins have to be manually reviewed and approved by us before they appear in the community hub for people to install. It's worth noting that our manual review process is about plugin user experience. We do not rely on human reviews to audit newly-published plugins for security as audits can produce false negatives. We instead use a sandbox to enforce a security boundary.
We also completely disabled publishing updates to existing plugins. This ensures that if a plugin developer with existing plugins was aware of a vulnerability, they could not exploit it. This was especially important as plugin code in Figma is live, which means updates to existing plugins instantly propagate to all open clients.
The first vulnerability was published as a public GitHub issue, and therefore needed to be patched immediately. Fortunately, Agoric moved fast and had a fix on the same day. We applied the fix to Figma’s copy of the Realms shim and it went out with the next deploy.
The remaining vulnerabilities were disclosed in a private GitHub security advisory that only a few affected parties had access to. We were able to deploy a solution to those the following week. However, we waited before talking about the vulnerability publicly. With security advisories, the standard practice is to set a public disclosure date that gives enough time for affected parties to apply the patch while also acting as a deadline to make sure the vulnerability is patched promptly.
As such, we worked with Agoric to ensure that these issues remained private until after we had fully rolled out our fixes. We also did an audit of published plugin code and discovered no evidence that these vulnerabilities had ever been exploited by a Figma plugin.
Why have we decided to keep using our backup plan, even though all vulnerabilities in the Realms shim have been fixed? We're actually very happy with the fact that we can switch back and forth between a Realms-based security model and a VM-based security model, but it comes at a cost. It is disruptive to us, and more importantly, disruptive to our developers. For now, it feels like the right call is to stick with the VM-based approach, which is somewhat slower for certain plugins, but intrinsically more secure. As Realms matures and evolves, we will always be able to switch back when the time is right.
Saturday, Sept 14th: - The first vulnerability was disclosed on a GitHub issue - Figma stopped approving new plugins
Tuesday, Sept 17th: - Figma deployed the patch for the first vulnerability
Wednesday, Sept 18th: - Figma disabled publishing updates to existing plugins
Wednesday, October 2nd: - Agoric made all vulnerabilities public - This post was published