Adobe releases Flex SDK security update
An important vulnerability has been identified within template files contained in the Flex 3.3 SDK and earlier versions. This vulnerability could allow an attacker to execute a reflected cross-site scripting attack on web sites using the affected code.
Adobe recommends all users of Flex 3.3 SDK and earlier versions update to the newest version, Flex 3.4 SDK, by downloading it here.
This update for Flex resolves a cross-site scripting vulnerability within the express-install templates for the Flex SDK (CVE-2009-1879).