Adobe Fixes Flaw in Flex SDK Framework
Adobe has patched a security flaw in its Flex SDK product that could lead to cross-site scripting attacks against some applications that were built using the SDK. The vulnerability affects versions 3.6 and below and 4.5.1 and below.
The Flex SDK is a free, open source application framework that Adobe produces to enable developers to write apps across a variety of devices and platforms. Flex can be used with other tools to build apps for iOS, Android, BlackBerry and the Web. The newly patched vulnerability affects the Flex SDK for Windows, Macintosh and Linux.
"An important vulnerability has been identified in the Adobe Flex SDK 4.5.1 and earlier 4.x versions and 3.x versions on the Windows, Macintosh and Linux operating systems. This vulnerability could lead to cross-site scripting issues in Flex applications. Adobe recommends users of the Adobe Flex SDK 4.5.1 and earlier 4.x versions, and the Adobe Flex SDK 3.6 and earlier 3.x versions update their software, verify whether any SWF files in their applications are vulnerable, and update any vulnerable SWF files using the instructions and tools provided," the Adobe advisory says.
Adobe is recommending that Flex users update their vulnerable versions of the framework as soon as possible and then go through the process of determining whether any apps built with those Flex releases are vulnerable. The company has produced a technical note that explains how to check whether apps built with Flex include vulnerable SWF files. Once a user has determined that an app is vulnerable she has two options: repair the app or patch Flex and then rebuild the app.
Adobe's tech note explains how to perform both actions, if necessary.
Actionscript tag . Donate Here . Testimonial . Join Flash Chat UserGroup . Twitter . Facebook
Last edited by FlashMove : 12-02-2011 at 03:48 AM
|Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)|
|Thread||Thread Starter||Forum||Replies||Last Post|
|Flash Builder and Flex SDK 4.6 available now||FlashMove||Flash Builder||0||12-02-2011 02:55 AM|
|Adobe donates Flex SDK to Apache Software Foundation||FlashMove||Apache Flex||0||11-19-2011 03:43 PM|
|Adobe Announces Intention to Donate Flex SDK||FlashMove||Apache Flex||0||11-12-2011 07:35 AM|
|The News From Adobe on the Future of Flash Platform||FlashMove||Chit Chat Lobby||0||11-10-2011 09:55 AM|
|21 Flex Tutorials||beedigital||Apache Flex||2||08-30-2007 03:49 AM|