Adobe has issued an update to its Flex software development kit (SDK), repairing a vulnerability that could cause developers to create applications susceptible to cross-site scripting attacks.
Flex SDK is an open source software development framework used by developers to create applications that can function on desktops, on smartphones and on tablet devices. The vulnerability affects Flex SDK version 4.5.1 and earlier and 3.6 and earlier running on Windows, Macintosh and Linux.
Many applications built with the earlier versions of the Flex SDK are vulnerable to cross-site scripting attacks, Adobe warned. In its security bulletin issued Wednesday, Adobe said developers should verify whether any Flash (.swf) files in their applications are vulnerable, and update any vulnerable .swf files by fixing them or completely rebuilding them using an updated SDK.
The software vendor issued a technical note recommending developers repair applications built with Flex or rebuild them after upgrading to the latest SDK.
“To minimize the impact to your Flex projects, Adobe has released numerous different fixed versions of the Flex SDK, enabling you to replace each of your
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to searchSecurity.in you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of searchSecurity.in is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
vulnerable versions of the SDK with
a fixed version that is nearly identical, aside from the fix itself,” Adobe said.
Adobe warned that the security fix could cause issues with applications that use ModuleLoader to load modules from different domains.
~Robert Westervelt