Important Flash Player Security Update – Check your applications

Adobe Devnet has a security advisory on the upcoming Flash Player 9 update. The advisory lists a few very important changes to the security model in Flash Player which can possibly impact your existing Flex and Flash applications. The changes are primarily to address the vulnerabilities of the earlier versions of Flash Player (9,0,115,0 and before).

There are four key changes that can possibly impact existing applications:

  • A socket policy file will always be required for all socket connections
  • A policy file will be required to send headers across domains (This will possibly affect some of the Flex apps that I work with)
  • The allowScriptAccess default will always be “sameDomain”
  • “javascript:” URLs will be prohibited in networking APIs, except getURL(), navigateToURL(), and HTML-enabled text fields

Although no date is specified, these updates to Flash Player will come into force during April 2008.
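One way to check an application against the second change, as an added example that is not from the advisory or the original post: the script parses a cross-domain policy file and reports which of the headers a SWF sends are not granted to its domain. The policy text, host names and header names are constructed, the function names are hypothetical, and the wildcard matching is a simplified assumption.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample policy for a hypothetical API host; not taken from the advisory.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*.example.com" headers="SOAPAction,X-Auth-*"/>
</cross-domain-policy>"""


def _match(pattern, value):
    # Simplified wildcard match (assumption): "*" stands for any run of characters.
    return fnmatchcase(value.lower(), pattern.strip().lower())


def header_allowed(policy_xml, swf_domain, header):
    """True if a SWF served from swf_domain may send `header` to this host."""
    root = ET.fromstring(policy_xml)
    for rule in root.iter("allow-http-request-headers-from"):
        if not _match(rule.get("domain", ""), swf_domain):
            continue
        if any(_match(h, header) for h in rule.get("headers", "").split(",")):
            return True
    return False


def missing_headers(policy_xml, swf_domain, headers_sent):
    """Headers the application sends that the policy does not grant to its domain."""
    return [h for h in headers_sent
            if not header_allowed(policy_xml, swf_domain, h)]


def wildcard_rules(policy_xml):
    """Tags of rules that grant something to every domain (domain="*")."""
    root = ET.fromstring(policy_xml)
    return [r.tag for r in root.iter() if r.get("domain", "").strip() == "*"]


if __name__ == "__main__":
    sent = ["SOAPAction", "X-Auth-Token", "Authorization"]
    print("not granted:", missing_headers(SAMPLE_POLICY, "app.example.com", sent))
    print("open to all domains:", wildcard_rules(SAMPLE_POLICY))
```

In the sample, the wildcard `allow-access-from` rule does not by itself grant any header: only the `allow-http-request-headers-from` rule does, and only to the domains it names.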

Here are some relevant links, including the link to the security advisory:
