Adobe Flex 4.6 and 3.6, and all Apache Flex versions do not have this vulnerability. If you have deployed on Adobe 4.5.1 and earlier or 3.5 and earlier and did not patch your deployed apps or upgrade to the fixed SDKs, then you have exposed yourself and your users with this vulnerability, which is the point of the article you linked to. Apparently, not enough folks reacted as they should have.
-Alex On 11/23/15, 8:32 AM, "mscharp1" <sch...@comcast.net> wrote: >http://securityaffairs.co/wordpress/35234/hacking/adobe-cve-2011-2461.html > >This just got flagged by my company's security group. I don't know if >they >actually tested anything or just saw this. Has this been mitigated by >apache's versions of flex? > >Thanks > > > >-- >View this message in context: >http://apache-flex-development.2333347.n4.nabble.com/Does-Apache-s-version >-of-Flex-solve-cve-2011-2461-tp50268.html >Sent from the Apache Flex Development mailing list archive at Nabble.com.
