Highlighted

Google play and Adobe air: Security Alert: You are using a highly vulnerable version of OpenSSL

Explorer ,
Jun 12, 2014

Copy link to clipboard

Copied

Hello

I just got a message from google play and they said that tehre is a vulnerable version of openssl. Now since I use adobe air to do my apps I was wondering how adobe air can comunnicate with openssl?

I'm using different version of adobe air since 1 years.

Here was the complete message:

Hello,

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,
Google Play Team

©2014 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043

Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play account.

Do you know how to fix that problem?

Bobby

TOPICS
Performance issues

Views

33.5K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Google play and Adobe air: Security Alert: You are using a highly vulnerable version of OpenSSL

Explorer ,
Jun 12, 2014

Copy link to clipboard

Copied

Hello

I just got a message from google play and they said that tehre is a vulnerable version of openssl. Now since I use adobe air to do my apps I was wondering how adobe air can comunnicate with openssl?

I'm using different version of adobe air since 1 years.

Here was the complete message:

Hello,

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,
Google Play Team

©2014 Google Inc.
1600 Amphitheatre Parkway
Mountain View, CA 94043

Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play account.

Do you know how to fix that problem?

Bobby

TOPICS
Performance issues

Views

33.5K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Jun 12, 2014 4
128 Replies 128
LEGEND ,
Jun 12, 2014

Copy link to clipboard

Copied

Are you sure this message comes from Google?  Have you looked at the message headers?  It should tell you the originating IP address.

Also, what is the actual address in the link in that message?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
New Here ,
Jun 12, 2014

Copy link to clipboard

Copied

I also get an email like that.

what to do, please help

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
New Here ,
Jun 12, 2014

Copy link to clipboard

Copied

I received this email as well.  Does anyone know what is causing this, or how to solve it?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
New Here ,
Jun 12, 2014

Copy link to clipboard

Copied

Me too, just received the message from google play just now, it seems like adobe air's problem..

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
Community Beginner ,
Jun 12, 2014

Copy link to clipboard

Copied

I got this message earlier today. I'm just wondering is the openssl invoked by my ANE or the adt packaging? I just upgraded my openssl which was ver 0.9.8 to the latest 1.0.1h on my mac, but I'm not sure if it helps. Now I'm digging into my ANE…..

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
Adobe Employee ,
Jun 12, 2014

Copy link to clipboard

Copied

Hi All,

Please update AIR SDK to our latest version 14.0.0.110 available at Download Adobe AIR SDK , please let us know if you will face any problem.

Regards,

Nimit

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
Community Beginner ,
Jun 12, 2014

Copy link to clipboard

Copied

I got the same message and my app were produced with Flash Professional CC via Action Script (AS3).
Will in that case also help to update the SDK and after that to re-publish the code or do I have to wait for an Flash Prof CC - Update?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 12, 2014 0
Community Beginner ,
Jun 13, 2014

Copy link to clipboard

Copied

We received this email as well. I didn't read anything about OpenSSL in the Release Notes | Flash Player® 14 AIR® 14.

nimitja can you confirm that this version realy fix this issue?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Adobe Employee ,
Jun 13, 2014

Copy link to clipboard

Copied

Yes, the latest AIR SDK has updated openSSL (1.0.1g). We are also updating the Release Notes.

Regards,

Nimit

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 1
Community Beginner ,
Jun 13, 2014

Copy link to clipboard

Copied

Thanks for the fast response!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Community Beginner ,
Jun 13, 2014

Copy link to clipboard

Copied

As it said in the mail from Google(http://www.openssl.org/news/secadv_20140605.txt), we should upgrade the openssl to version 1.0.1h. Wondering if the bug already fixed in version 1.0.1g coming with the latest version 14.0.0.110 AIR SDK?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Adobe Employee ,
Jun 13, 2014

Copy link to clipboard

Copied

We are aware of openSSL 1.0.1h version and the updated AIR SDK will be available soon.

Regards,

Nimit

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
New Here ,
Jun 13, 2014

Copy link to clipboard

Copied

nimitja wrote:

We are aware of openSSL 1.0.1h version and the updated AIR SDK will be available soon.

Regards,

Nimit

So do we have to wait for the new AIR release or the current (14.0) is enough to fix this issue?

(For Android mobile application on Google Play)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Adobe Employee ,
Jun 13, 2014

Copy link to clipboard

Copied

Yes, you can ahead with latest AIR SDK.

Regards,

Nimit

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Community Beginner ,
Jun 13, 2014

Copy link to clipboard

Copied

Dear Nimit,

what means "available soon"?
All the best, Frank

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Explorer ,
Jun 13, 2014

Copy link to clipboard

Copied

adb.exe in AIR 14.0.0.110 seems to use OpenSSL 1.0.1c

$ strings lib/android/bin/adb.exe | grep OpenSSL

Big Number part of OpenSSL 1.0.1c 10 May 2012

RSA part of OpenSSL 1.0.1c 10 May 2012

[...]

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
Adobe Employee ,
Jun 13, 2014

Copy link to clipboard

Copied

Thanks for reporting this. We will update this soon but it does not impact your application. The openSSL updates are in the Runtime.

Regards,

Nimit

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0
New Here ,
Jun 13, 2014

Copy link to clipboard

Copied

So if we update the SDK to 14.0 then we are all done?

It does not have anything to do with Milkman's extensions? (I am using Google Play Games and AdMob)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Jun 13, 2014 0