Yes AIR applications are vulnerable to the same web application
vulnerabilities. But AIR applications are more powerful than the usual
web applications, look at this [1] emphasis on the system access
stuff. The browser is replaced by AIR DLLs and a executable template.

[1] 
<http://bp2.blogger.com/_gScM6JZQQqQ/R6Q1ow1ViSI/AAAAAAAAAHc/YweMXeu2IMo/s1600-h/tongits0.png>

On Mon, Feb 25, 2008 at 2:18 PM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>
> - -- "Eduardo Tongson" <[EMAIL PROTECTED]> wrote:
>
>  >You don't run AIR inside a browser. This is similar to Flash
>  >applications compiled to exe. Basically you can program desktop
>  >applications using Flash, JS etc. A sample application/game developed
>  >in AIR I looked at [1].
>  >
>  >[1] <http://blog.eonsec.com/2008/02/tongits-is-in-air.html>
>  >
>
>  - From the description the InfoWorld article of the AIR application
>  developed & used by NASDAQ:
>
>
>  http://www.infoworld.com/article/08/02/24/adobe-air_1.html
>
>  ...it sounds very much like a "widget" -type of application,
>  pulling content from a third-party location.
>
>  If this is true, then I see a wide adoption of this (as we already
>  see with widgets on social networking sites, etc.), as well as
>  wide-spread possibility for exploitation.
>
>
>  - - ferg
>
>  -----BEGIN PGP SIGNATURE-----
>  Version: PGP Desktop 9.6.3 (Build 3017)
>
>  wj8DBQFHwl3Lq1pz9mNUZTMRAr/5AJ4iJf6bwko2mwweUfAmsfhd1Ef8IACgheR0
>  fITbFeyAQAYxhxovZw+VfFo=
>  =rprJ
>
>
> -----END PGP SIGNATURE-----
>
>
>  --
>  "Fergie", a.k.a. Paul Ferguson
>   Engineering Architecture for the Internet
>   fergdawg(at)netzero.net
>   ferg's tech blog: http://fergdawg.blogspot.com/
>
>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Reply via email to