Google play and Adobe air: Security Alert: You are using a highly vulnerable version of OpenSSL

Report · Jun 12, 2014

Hello

I just got a message from google play and they said that tehre is a vulnerable version of openssl. Now since I use adobe air to do my apps I was wondering how adobe air can comunnicate with openssl?

I'm using different version of adobe air since 1 years.

Here was the complete message:

Hello,

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,
Google Play Team

©2014 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043

Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play account.

Do you know how to fix that problem?

Bobby

Report · Oct 25, 2016

Yes, it should work no problem. Although you should use the latest version (AIR 23.0.0.257 as of now).

Report · Jun 01, 2016

I confirm the AIR 21.0.0.176 is working fine, I've updated to this version since Google report, and I have no alerts.

Report · Jun 16, 2016

Hi,

We have updated AIR SDK 19 with the new OpenSSL version 1.0.2f. Please visit Find and download archived versions of Adobe AIR SDK and download AIR SDK 19.0.0.249. Please let us know in case of any issues.

Thanks,

Ankit

Adobe AIR Team

Report · Mar 08, 2017

In addition to the OpenSSL issue, could you please address the TLS 1.2 issue on Android. Since secureSockets don't work, we are unable to connect to any secure server to get and send data.