Security update available for the Adobe Analytics AppMeasurement for Flash Library

Release date: April 21, 2016

Vulnerability identifier: APSB16-13

Priority: 2

CVE number: CVE-2016-1036

Adobe has released a security update for the Adobe Analytics AppMeasurement for Flash library. This update resolves an important vulnerability in the AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled.

Note: This issue affects AppMeasurement for Flash only when debugTracking has been enabled (debugTracking is disabled in a default configuration).

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Adobe recommends Analytics customers using the AppMeasurement for Flash library rebuild projects with the updated library available for download from the Analytics Console.  Refer to the release notes for more information.

This update resolves a vulnerability in the Adobe Analytics AppMeasurement for Flash library that could be abused to conduct DOM-based cross-site scripting attacks when debugTracking is enabled (CVE-2016-1036).

Adobe would like to thank Randy Westergren (CVE-2016-1036) for reporting this issue and for working with Adobe to help protect our customers.