funsec mailing list archives
Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR)
From: "Eduardo Tongson" <propolice () gmail com>
Date: Mon, 25 Feb 2008 14:41:40 +0800
Yes AIR applications are vulnerable to the same web application vulnerabilities. But AIR applications are more powerful than the usual web applications, look at this [1] emphasis on the system access stuff. The browser is replaced by AIR DLLs and a executable template. [1] <http://bp2.blogger.com/_gScM6JZQQqQ/R6Q1ow1ViSI/AAAAAAAAAHc/YweMXeu2IMo/s1600-h/tongits0.png> On Mon, Feb 25, 2008 at 2:18 PM, Paul Ferguson <fergdawg () netzero net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Eduardo Tongson" <propolice () gmail com> wrote: >You don't run AIR inside a browser. This is similar to Flash >applications compiled to exe. Basically you can program desktop >applications using Flash, JS etc. A sample application/game developed >in AIR I looked at [1]. > >[1] <http://blog.eonsec.com/2008/02/tongits-is-in-air.html> > - From the description the InfoWorld article of the AIR application developed & used by NASDAQ: http://www.infoworld.com/article/08/02/24/adobe-air_1.html ...it sounds very much like a "widget" -type of application, pulling content from a third-party location. If this is true, then I see a wide adoption of this (as we already see with widgets on social networking sites, etc.), as well as wide-spread possibility for exploitation. - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHwl3Lq1pz9mNUZTMRAr/5AJ4iJf6bwko2mwweUfAmsfhd1Ef8IACgheR0 fITbFeyAQAYxhxovZw+VfFo= =rprJ -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Paul Ferguson (Feb 24)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Eduardo Tongson (Feb 24)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integrated Runtime (AIR) Richard M. Smith (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integrated Runtime (AIR) Andre Ludwig (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integrated Runtime (AIR) Richard M. Smith (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integrated Runtime (AIR) Andre Ludwig (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integrated Runtime (AIR) Andre Ludwig (Feb 25)
- <Possible follow-ups>
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Paul Ferguson (Feb 25)
- Re: Yet Another Emerging Web 2.0 Security Threat: Adobe Integ rated Runtime (AIR) Richard M. Smith (Feb 25)