Adobe issues security warning for Adobe Flex SDK


Adobe issues security warning for Adobe Flex SDK

Warwick Ashford

Adobe has announced a vulnerability in Adobe Flex SDK 4.5.1, earlier 4.x versions, Adobe Flex SDK 3.6 and earlier 3.x versions on the Windows, Macintosh and Linux operating systems.

This vulnerability could lead to cross-site scripting issues in Flex applications, Adobe said in a security bulletin.


Adobe recommends users of the affected SDKs update their software, verify whether any SWF files in their applications are vulnerable and update any vulnerable SWF files using the instructions and tools provided.

Adobe rates the vulnerability as important and recommends users apply the latest update.  

Users of Adobe Flash Builder 4.5.x can update to Flash Builder 4.6. Other Flash Builder users should update their Flex SDK and note instructions related to data visualisation components and automated testing support in the tech note.

The security warning comes a day after Adobe released the latest 4.6 version of the free Flex SDK and its commercial IDE Flash Builder.

This will likely be the last version of the Flex SDK to be released under Adobe governance, as the SDK will now be transitioning to Apache, according to

Developers from Adobe will continue to contribute to the Flex SDK as usual, but non-Adobe developers will also be able to contribute code to the SDK and decide its roadmap, the report said.

The Flex 4.6 SDK itself comes with a number of new features and support for the latest Flash Player 11 and AIR 3 runtimes, and the latest iOS 5 and Android platforms.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy