Adobe has issued an update to its Flex software development kit (SDK), repairing a vulnerability that might cause developers to create applications liable to cross-site scripting attacks.
Flex SDK is an open source software development framework utilized by developers to create applications which can function on desktops, on smartphones and on tablet devices. The vulnerability affects Flex SDK version 4.5.1 and earlier and three.6 and earlier running on Windows, Macintosh and Linux.
Many applications built with the sooner versions of the Flex SDK are liable to cross-site scripting attacks, Adobe warned. In its security bulletin issued Wednesday, Adobe said developers should verify whether any Flash (.swf) files of their applications are vulnerable, and update any vulnerable .swf files by fixing them or completely rebuilding them using an updated SDK.
The software vendor issued a technical note recommending developers repair applications built with Flex or rebuild them after upgrading to the most recent SDK.
“To minimize the impact on your Flex projects, Adobe has released numerous different fixed versions of the Flex SDK, enabling you to switch each of your vulnerable versions of the SDK with a set version it is nearly identical, except for the fix itself,†Adobe said.
Adobe warned that the safety fix can cause issues with applications that use ModuleLoader to load modules from different domains.
~Robert Westervelt
Nessun commento:
Posta un commento
Comments links could be nofollow free