Yes AIR applications are vulnerable to the same web application vulnerabilities. But AIR applications are more powerful than the usual web applications, look at this [1] emphasis on the system access stuff. The browser is replaced by AIR DLLs and a executable template.
[1] <http://bp2.blogger.com/_gScM6JZQQqQ/R6Q1ow1ViSI/AAAAAAAAAHc/YweMXeu2IMo/s1600-h/tongits0.png> On Mon, Feb 25, 2008 at 2:18 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > - -- "Eduardo Tongson" <[EMAIL PROTECTED]> wrote: > > >You don't run AIR inside a browser. This is similar to Flash > >applications compiled to exe. Basically you can program desktop > >applications using Flash, JS etc. A sample application/game developed > >in AIR I looked at [1]. > > > >[1] <http://blog.eonsec.com/2008/02/tongits-is-in-air.html> > > > > - From the description the InfoWorld article of the AIR application > developed & used by NASDAQ: > > > http://www.infoworld.com/article/08/02/24/adobe-air_1.html > > ...it sounds very much like a "widget" -type of application, > pulling content from a third-party location. > > If this is true, then I see a wide adoption of this (as we already > see with widgets on social networking sites, etc.), as well as > wide-spread possibility for exploitation. > > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > > wj8DBQFHwl3Lq1pz9mNUZTMRAr/5AJ4iJf6bwko2mwweUfAmsfhd1Ef8IACgheR0 > fITbFeyAQAYxhxovZw+VfFo= > =rprJ > > > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
