====================================================================

                                  CERT-Renater

                    Note d'Information No. 2016/VULN319
_____________________________________________________________________

DATE                : 14/09/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, Mac OS X running Adobe AIR SDK & Compiler
                        versions prior to 23.0.0.257.

=====================================================================
https://helpx.adobe.com/content/help/en/security/products/air/apsb16-31.html
____________________________________________________________________

Security update available for Adobe AIR SDK & Compiler

Release date: September 13, 2016

Vulnerability identifier: APSB16-31

Priority: 3

CVE number: CVE-2016-6936

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe AIR SDK & Compiler. This
update adds support for secure transmission of runtime analytics for
AIR applications on Android. Developers are encouraged to recompile
captive runtime bundles after applying this update.


Affected Versions


Product 			Affected Versions 	Platform

Adobe AIR SDK & Compiler 	22.0.0.153 and earlier 	Windows and Macintosh


Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product 			Updated Versions 	Platform 	Priority rating Availability

Adobe Air SDK & Compiler 	23.0.0.257 		Windows 	3 		AIR Developer Center

Adobe recommends developers using the AIR SDK & Compiler update to
version 23.0.0.257 by visiting the AIR developer center. After
updating, developers are encouraged to recompile captive runtime
bundles to enable this support.


Vulnerability Details

This update adds support for secure transmission of runtime analytics
for AIR applications on Android (CVE-2016-6936).


Acknowledgments

Adobe would like to thank Nightwatch Cybersecurity for reporting this
issue and for working with Adobe to help protect our customers.


==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================