I’m deploying a web app built on AIR. The app consists of a main swf, which loads smaller swfs in as modules.
When someone downloads my .air installer file, they could treat it like a zip file and explore it or decompress it as one. They could switch any one of the swfs inside with a malicious one. Couldn’t someone hypothetically download my .air file, unzip it, swap one of my modular swfs with one that does harm, rezip it and distribute it as my program? :look:
