
"Failed: Vulnerability found, but cannot patch. Indicates that the SWF file appears to be a Flex module, not an application. "SWF is a module SWF, which is not vulnerable" Indicates that the SWF file appears to be a Flex SWF file, but does not contain the vulnerability. Indicates that the SWF file is not a Flex SWF file. Verify that the SWF file you selected is an application SWF file built with Flex. Indicates that key things expected in all application SWF files built with Flex were not found. To use the SWF-patching too, do the following:
If you do not have a Windows or Mac OS X system available, skip to Action II rather than using the SWF-patching tool. The SWF-patching tool is only supported on Windows and Mac OS X. (They can be vulnerable even if the tool reports no vulnerability.) If you have used a custom compiler or post-processor, skip to Action II rather than using the SWF-patching tool. SWF files built or post-processed using compilers, optimizers, or obfuscators other than an official Flex compiler from Adobe can be vulnerable. (This procedure is described in Action II.) Also, the SWF-patching tool works by searching for a known byte sequence in a particular area of the SWF file.
However, any subsequent rebuilds of your application from source code are still vulnerable unless you also update your SDK to a fixed version. You can then swap in the new file to replace the original SWF file on the deployment website.

This patch produces a patched but otherwise-identical SWF file.
However, a faster, simpler way to repair your application SWF file is to install and run the provided SWF-patching tool, APSB11_25_Patch_Tool.air, on your application SWF file. The most reliable way to repair your applications is to follow Action II, described later. Repair and redeploy vulnerable applications. SWF files that were created without using Flex (such as files created in Adobe Flash Professional) are not vulnerable. Applications built with Flex that are AIR-based (not web-based) are not vulnerable. Applications built using any release of Flex before 3.0 are not vulnerable. However, there are rare cases in which they are vulnerable. Most applications built with Flex 4.x that were compiled in the default way (specifically, using RSL linkage) aren't vulnerable. (Versions affected include 4.0, 4.1, 4.5, and 4.5.1.) However, there are certain cases that involve the use of embedded fonts that aren't vulnerable. AIR-based applications aren't vulnerable. Web-based applications built using any release of Flex 4.x compiled using static linkage of the Flex libraries rather than RSL (runtime shared library) linkage are vulnerable. All web-based (not AIR-based) applications built using any release of Flex 3.x are vulnerable.
