In association with heise online

18 November 2008, 09:42

Adobe eliminates critical vulnerabilities in AIR

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe has issued security update 1.5 for AIR (Adobe Integrated Runtime) to eliminate a security vulnerability. AIR is an operating-system independent runtime environment in which local applications can be developed using web techniques. Adobe says the vulnerability could allow untrusted JavaScript to be executed with elevated privileges, though "an Adobe AIR application must load data from an untrusted source to trigger this potential vulnerability".

The AIR update also contains an update for the Flash Player components, for versions 9 and 10 of which bugfixes recently appeared (Bugfixes). With this move, Adobe has now belatedly supplied information about other, hitherto unknown security vulnerabilities that are eliminated by this update. Although Adobe gives no details, these vulnerabilities in Flash Player are alleged to have been remotely exploitable to infect a computer with malicious code. The report says all this required was visiting a web site or opening an email.

For that reason, Adobe is classifying the AIR update as critical. Users should not hesitate to install the new version.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit