Adobe issues security warning for Adobe Flex SDK


Adobe issues security warning for Adobe Flex SDK

Warwick Ashford

Adobe has announced a vulnerability in Adobe Flex SDK 4.5.1, earlier 4.x versions, Adobe Flex SDK 3.6 and earlier 3.x versions on the Windows, Macintosh and Linux operating systems.

This vulnerability could lead to cross-site scripting issues in Flex applications, Adobe said in a security bulletin.


Adobe recommends users of the affected SDKs update their software, verify whether any SWF files in their applications are vulnerable and update any vulnerable SWF files using the instructions and tools provided.

Adobe rates the vulnerability as important and recommends users apply the latest update.  

Users of Adobe Flash Builder 4.5.x can update to Flash Builder 4.6. Other Flash Builder users should update their Flex SDK and note instructions related to data visualisation components and automated testing support in the tech note.

The security warning comes a day after Adobe released the latest 4.6 version of the free Flex SDK and its commercial IDE Flash Builder.

This will likely be the last version of the Flex SDK to be released under Adobe governance, as the SDK will now be transitioning to Apache, according to

Developers from Adobe will continue to contribute to the Flex SDK as usual, but non-Adobe developers will also be able to contribute code to the SDK and decide its roadmap, the report said.

The Flex 4.6 SDK itself comes with a number of new features and support for the latest Flash Player 11 and AIR 3 runtimes, and the latest iOS 5 and Android platforms.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy