Adobe has just released Flash Player 9 (9,0,124,0) (as a matter of fact on April 8 of 2008, but I haven’t had the time to write this post until now) to strengthen the security of the player and to cover previous vulnerabilities.
This update will affect your content if:
You use sockets or XMLSockets, regardless of the domain to which you are connecting
You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain
You provide access to content on remote domains as a web service provider
You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means
If any of these apply to your content, read this article on Adobe’s Developer Connection; it explains how to make the needed changes.
This security update will make the optional socket policy file changes introduced in Flash Player 9,0,115,0 mandatory.
Now the HTTP socket policy files will no longer allow socket access.
Flash Player has two types of policy files: HTTP policy files that are crossdomain.xml files on a server and define whether SWFs from other domains can load that server’s content; and socket policy files, which define what ports Flash Player can connect to via socket or XMLSocket connections. In the latest Flash Player, the rules regarding socket policy files have changed.
Be sure to read more about this on Adobe Developer Center so that any changes your content needs go smoothly.
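An added example, not from the original post or from Adobe: a small Python check that reads a socket policy file and flags grants that are broader than they need to be. The element and attribute names (cross-domain-policy, allow-access-from, domain, to-ports) follow Adobe's policy file format; the sample policies, the host app.example.com and the MAX_PORTS threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample socket policy files (not from the original post).
PERMISSIVE = ('<cross-domain-policy>'
              '<allow-access-from domain="*" to-ports="*"/>'
              '</cross-domain-policy>')
RESTRICTED = ('<cross-domain-policy>'
              '<allow-access-from domain="app.example.com" to-ports="5222,8000-8010"/>'
              '</cross-domain-policy>')

MAX_PORTS = 32  # assumed review threshold, not an Adobe limit


def count_ports(spec):
    """Count ports granted by a to-ports value such as "*", "843" or "80,8000-8010"."""
    total = 0
    for part in (p.strip() for p in spec.split(",")):
        if part == "*":
            return 65535
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        total += hi - lo + 1
    return total


def audit_socket_policy(xml_text):
    """Return findings for over-broad grants; an empty list means nothing flagged."""
    findings = []
    root = ET.fromstring(xml_text)  # only parse policy files you control
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        ports = rule.get("to-ports")
        if domain == "*":
            findings.append("wildcard domain: SWFs from any site may connect")
        elif domain.startswith("*."):
            findings.append(f"subdomain wildcard: {domain}")
        if ports is None:
            findings.append(f"{domain}: missing to-ports")
        elif count_ports(ports) > MAX_PORTS:
            findings.append(f"{domain}: to-ports {ports!r} is broader than {MAX_PORTS} ports")
    return findings


if __name__ == "__main__":
    for name, policy in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit_socket_policy(policy) or "ok")
```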
Download the latest Flash Player (Flash Player 9,0,124,0) here.
And for developers, download the Flash Player (Flash Player 9,0,124,0) debugger versions here.
This Tech Note may help if you need to uninstall the player before upgrading.
Flash Player 9 (Flash Player 9,0,124,0) Security Update by David Gamez, unless otherwise expressly stated, is licensed under a Creative Commons Attribution-Noncommercial 2.5 Mexico License.