Important Flash Player Security Update - Check your applications
Adobe Devnet has a security advisory on the upcoming Flash Player 9 update. The advisory lists a few very important changes to the security model in Flash Player which can possibly impact your existing Flex and Flash applications. The changes are primarily to address the vulnerabilities of the earlier versions of Flash Player (9,0,115,0 and before).
There are four key changes that can possibly impact existing applications:
- A socket policy file will always be required for all socket connections
- A policy file will be required to send headers across domains (This will possibly affect some of the Flex apps that I work with)
- The allowScriptAccess default will always be "sameDomain"
- "javascript:" URLs will be prohibited in networking APIs, except getURL(), navigateToURL(), and HTML-enabled text fields
ᅠ
Although no date is specified, but these updates to Flash Player would come in force during April 2008.
Here are some relevant links, including the link to the security advisory:
- Adobe Devnet Flash Security Advisory: Preparing for the Flash Player 9 April 2008 Security Update
- Security changes introduced in Flash Player 9
- Check Flash Player version: Version Test for Adobe Flash Player
ᅠ
Comments
zeflasher wrote on 04/01/08 2:02 PM
This update is coming probably cause vista hacked using the flash palyer...Check it here
http://news.yahoo.com/s/nf/20080331/bs_nf/59043
++
David wrote on 04/01/08 1:44 PM
Thanks Indy!Nice new look on the blog btw!