Flash 9 Security Update coming in April of 2008

I recently read on Emmy Huang’s blog that there is a new security update coming out for Flash 9 that may affect existing swf content on the web. This Flash Player update will address some of the vulnerabilities that were discovered in December of last year.

For the most part it looks like there are easy work-arounds to fix any possible problems but if you are using any of the following actionscript items you’ll want to read the Developer Center article about the update.

  • Use of sockets or XMLSockets, regardless of the domain the SWF is connecting to
  • Use of addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain OR Provides access to content on remote domains as a web service provider
  • Use of SWFs that are exported for Flash Player 7 (SWF7) or below that communicate with the hosting HTML by any means
  • Use of ‘”javascript:’” through network APIs to communicate outside a SWF

If you are not sure if your Flash needs to be updated, the Developer Center article goes into detail on each of the issues and gives examples of possible uses.

Jesse Harding
Posted on March 18, 2008 at 10:34 am, filed under Design Tips.
Bookmark this page. Both comments and trackbacks are currently closed.
Error in my_thread_global_end(): 4 threads didn't exit