Adobe Security Bulletin

Security update available for Adobe AIR SDK & Compiler

Release date: September 13, 2016

Vulnerability identifier: APSB16-31

Priority: 3

CVE number: CVE-2016-6936

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe AIR SDK & Compiler. This update adds support for secure transmission of runtime analytics for AIR applications on Android. Developers are encouraged to recompile captive runtime bundles after applying this update.

Affected Versions

Product Affected Versions Platform
Adobe AIR SDK & Compiler 22.0.0.153 and earlier Windows and Macintosh

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated Versions Platform Priority rating Availability
Adobe Air SDK & Compiler 23.0.0.257 Windows 3 AIR Developer Center

Adobe recommends developers using the AIR SDK & Compiler update to version 23.0.0.257 by visiting the AIR developer center. After updating, developers are encouraged to recompile captive runtime bundles to enable this support.

Vulnerability Details

This update adds support for secure transmission of runtime analytics for AIR applications on Android (CVE-2016-6936).

Acknowledgments

Adobe would like to thank Nightwatch Cybersecurity for reporting this issue and for working with Adobe to help protect our customers.