Adobe Devnet has a security advisory on the upcoming Flash Player 9 update. The advisory lists a few very important changes to the security model in Flash Player which can possibly impact your existing Flex and Flash applications. The changes are primarily to address the vulnerabilities of the earlier versions of Flash Player (9,0,115,0 and before).
There are four key changes that can possibly impact existing applications:
- A socket policy file will always be required for all socket connections
- A policy file will be required to send headers across domains (This will possibly affect some of the Flex apps that I work with)
- The allowScriptAccess default will always be “sameDomain”
- “javascript:” URLs will be prohibited in networking APIs, except getURL(), navigateToURL(), and HTML-enabled text fields
Although no date is specified, but these updates to Flash Player would come in force during April 2008.
Here are some relevant links, including the link to the security advisory:
- Adobe Devnet Flash Security Advisory: Preparing for the Flash Player 9 April 2008 Security Update
- Security changes introduced in Flash Player 9
- Check Flash Player version: Version Test for Adobe Flash Player
Thanks Indy!
Nice new look on the blog btw!
This update is coming probably cause vista hacked using the flash palyer…
Check it here
http://news.yahoo.com/s/nf/20080331/bs_nf/59043
++