Daily cyber threats and internet security news: network security, online safety and latest security alerts
November 17th, 2008

Critical Security Vulnerability Patched In Adobe AIR 1.5

Adobe AIR is vulnerable to several critical vulnerabilities that could expose users to code execution attacks. The company released AIR 1.5 with fixes for previously discussed flaws in Flash Player (which is embedded into AIR) and a patch for a separate issue that allows the execution of untrusted JavaScript with elevated privileges.

According to Adobe bulletin, the issues are all remotely exploitable. The could allow an attacker who successfully exploits the vulnerability to execute untrusted JavaScript with elevated privileges. An Adobe AIR application must load data from an untrusted source to trigger this potential vulnerability. In addition, AIR 1.5 includes a Flash Player update to resolve the critical issues outlined in Flash Player Security Bulletin APSB08-22, as well as issues included in Flash Player Security Bulletins APSB08-20 and APSB08-18. Adobe recommends AIR customers update to Adobe AIR 1.5.

Adobe recommends all users of Adobe AIR 1.1 and earlier versions upgrade to the newest version AIR 1.5 by downloading it from the AIR Download Center as soon as possible since these issues are remotely exploitable.

Share this item with others:

More on CyberInsecure:
  • Exploit Code For Unpatched Flaw In Adobe Illustrator Released
  • Buffer Overflow Critical Vulnerabilities In Adobe Reader And Acrobat
  • Critical Adobe Shockwave Player Vulnerability Affects Millions
  • Malicious Javascript Code In Another CNET Networks Website
  • Adobe Patches Older Reader PDF Flaw, In Total 8 Vulnerabilities Patched

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Critical Security Vulnerability Patched In Adobe AIR 1.5

    One Response to “Critical Security Vulnerability Patched In Adobe AIR 1.5”

    1. still exploitable 🙂

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.