Release date: April 21, 2016
Vulnerability identifier: APSB16-13
CVE number: CVE-2016-1036
Adobe has released a security update for the Adobe Analytics AppMeasurement for Flash library. This update resolves an important vulnerability in the AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled.
Note: This issue affects AppMeasurement for Flash only when debugTracking has been enabled (debugTracking is disabled in a default configuration).
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Adobe recommends Analytics customers using the AppMeasurement for Flash library rebuild projects with the updated library available for download from the Analytics Console. Refer to the release notes for more information.
This update resolves a vulnerability in the Adobe Analytics AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled (CVE-2016-1036).