Advisory: Adobe Air 1.1 JavaScript execution security vulnerability
18 Nov 2008
Adobe released a patch and bulletin for an issue I reported back in May. The issue is really in WebKit, and many products seem to be affected.
A vulnerability has been identified in Adobe AIR 1.1 and earlier that could allow an attacker who successfully exploits this potential vulnerability to execute untrusted JavaScript with elevated privileges. An Adobe AIR application must load data from an untrusted source to trigger this potential vulnerability. In addition, AIR 1.5 includes a Flash Player update to resolve the critical issues outlined in Flash Player Security Bulletin APSB08-22, as well as issues included in Flash Player Security Bulletins APSB08-20 and APSB08-18. Adobe recommends AIR customers update to Adobe AIR 1.5. These issues are remotely exploitable.