Adobe Devnet has a security advisory on the upcoming Flash Player 9 update. The advisory lists a few very important changes to the security model in Flash Player which can possibly impact your existing Flex and Flash applications. The changes are primarily to address the vulnerabilities of the earlier versions of Flash Player (9,0,115,0 and before).
There are four key changes that can possibly impact existing applications:
- A socket policy file will always be required for all socket connections
- A policy file will be required to send headers across domains (This will possibly affect some of the Flex apps that I work with)
- The allowScriptAccess default will always be “sameDomain”
Although no date is specified, but these updates to Flash Player would come in force during April 2008.
Here are some relevant links, including the link to the security advisory:
- Adobe Devnet Flash Security Advisory: Preparing for the Flash Player 9 April 2008 Security Update
- Security changes introduced in Flash Player 9
- Check Flash Player version: Version Test for Adobe Flash Player