« CIA legend claims Belfast and Dublin major centres of industrial espionage | Main | MPack Reveals Stingy Web Hosts »

Security on AIR: Local file access through JavaScript

Fukami has published a post to The Web Security Mailing List outlining some risks with Adobe's AIR platform. I can tell you first hand that these sorts of applications are going to start popping on on many large sites in the next year....

"In general every file on local file system can be accessed by AIR apps. This includes reading, writing, appending or deletion as well as testing for file and directory existence. Another interesting feature is the possibility to overwrite calling files inside compiled AIR application during runtime."

Post Link: http://www.webappsec.org/lists/websecurity/archive/2007-07/msg00001.html


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!