It's just a very first look to AIR (Adobes Integrated Runtime) and
its possibilities to process HTML/JS. AIR is beta by now, so Adobe
may change things in the final release.
## What is AIR?
Quote from Adobe: "Adobe Integrated Runtime (AIR) is a cross-
operating system runtime that allows you to leverage your existing
and deploy Rich Internet Applications (RIAs) to the desktop."
## Some security related informations on AIR:
- The installer throws a warning about it's ability for unrestricted
system access (so it's not a real surprise what AIR apps are capable of)
- AIR uses WebKit as renderer on both supported platforms, Windows
remote services, file SQL queries and open sockets
- SWF files in the AIR application sandbox can cross-script any SWF
file from any domain
- Remote SWF files can only read files inside the security sandbox
versa I guess)
## File access
In general every file on local file system can be accessed by AIR
apps. This includes reading, writing, appending or deletion as well
as testing for file and directory existence. Another interesting
feature is the possibility to overwrite calling files inside compiled
AIR application during runtime.
## Example (only tested on OSX so far)
For this to work in a real world scenario a service used by an AIR
app must be vulnerable to a persistant XSS (or another typical
vulnerability), and the app needs to call data in a way that payloads
gets rendered and executed.
This basic example consists of 4 files:
- AIR application descriptor file: App.xml
- Calling HTML file inside the AIR app package: caller.html
- A file which just contains aliases for AIR runtime: AIRAliases.js
(part of AIR SDK)
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to firstname.lastname@example.org.