From kb2.adobe.com - December 5, 2011 3:36 AM

Due to a vulnerability in the Flex SDK, many Flex applications are vulnerable to cross-site scripting (XSS) attacks, and must be patched in order to protect user data.