Critical Security Vulnerability Patched In Adobe AIR 1.5
Adobe AIR is vulnerable to several critical vulnerabilities that could expose users to code execution attacks. The company released AIR 1.5 with fixes for previously discussed flaws in Flash Player (which is embedded into AIR) and a patch for a separate issue that allows the execution of untrusted JavaScript with elevated privileges.
According to Adobe bulletin, the issues are all remotely exploitable. The could allow an attacker who successfully exploits the vulnerability to execute untrusted JavaScript with elevated privileges. An Adobe AIR application must load data from an untrusted source to trigger this potential vulnerability. In addition, AIR 1.5 includes a Flash Player update to resolve the critical issues outlined in Flash Player Security Bulletin APSB08-22, as well as issues included in Flash Player Security Bulletins APSB08-20 and APSB08-18. Adobe recommends AIR customers update to Adobe AIR 1.5.
Adobe recommends all users of Adobe AIR 1.1 and earlier versions upgrade to the newest version AIR 1.5 by downloading it from the AIR Download Center as soon as possible since these issues are remotely exploitable.
More on CyberInsecure:
February 15th, 2012 at 11:30 am
still exploitable 🙂