Adobe has announced a vulnerability in Adobe Flex SDK 4.5.1, earlier 4.x versions, Adobe Flex SDK 3.6 and earlier...
3.x versions on the Windows, Macintosh and Linux operating systems.
This vulnerability could lead to cross-site scripting issues in Flex applications, Adobe said in a security bulletin.
Adobe recommends users of the affected SDKs update their software, verify whether any SWF files in their applications are vulnerable and update any vulnerable SWF files using the instructions and tools provided.
Adobe rates the vulnerability as important and recommends users apply the latest update.
Users of Adobe Flash Builder 4.5.x can update to Flash Builder 4.6. Other Flash Builder users should update their Flex SDK and note instructions related to data visualisation components and automated testing support in the tech note.
The security warning comes a day after Adobe released the latest 4.6 version of the free Flex SDK and its commercial IDE Flash Builder.
This will likely be the last version of the Flex SDK to be released under Adobe governance, as the SDK will now be transitioning to Apache, according to Thinkdigit.com.
Developers from Adobe will continue to contribute to the Flex SDK as usual, but non-Adobe developers will also be able to contribute code to the SDK and decide its roadmap, the report said.
The Flex 4.6 SDK itself comes with a number of new features and support for the latest Flash Player 11 and AIR 3 runtimes, and the latest iOS 5 and Android platforms.