Preparing for the Flash Player 9 April 2008 Security Update

Author	All Replies
NICK ADSL UK Premium,MVM join:2004-02-22 edit: March 25th, @06:34PM	Preparing for the Flash Player 9 April 2008 Security Update Adobe is planning to release a security update for Flash Player 9 in April 2008 to strengthen the security of Adobe Flash Player for our customers and end users, and to provide further mitigations for previously disclosed vulnerabilities. The Flash Player security update provides further mitigations for issues listed in the December 2007 Security Bulletin ABSP07-20 for DNS rebinding and cross-domain policy file vulnerabilities, and Security Advisory APSA07-06 for cross-site scripting vulnerabilities in SWFs. Due to the possibility that these security enhancements and changes may impact existing content, Adobe is providing relevant information in advance to allow customers to better prepare for the pending release. Customers are advised to review the upcoming Flash Player updates to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition. This document provides an overview of the upcoming Flash Player changes, links to TechNotes, and relevant documentation to help you better prepare. If any of the following situations apply, you should read this article in detail: »www.adobe.com/devnet/flashplayer···ate.html You use sockets or XMLSockets, regardless of the domain to which you are connecting You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain or You provide access to content on remote domains as a web service provider You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means You use "javascript:" through network APIs to communicate outside a SWF -- Wilders Security Forum Admin Microsoft MVP - Consumer Security
	to forum · permalink · · 2008-03-25 18:21:41 ·
altermatt Premium join:2004-01-22 White Plains, NY ·Verizon Online DSL	said by NICK ADSL UK : You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means If I'm reading this correctly (and I most likely am not ), it sounds like anyone with a website that has an .swf that was created for Flash 7, which works fine in current versions, will have a problem with the new update? does the .swf have to be completely re-created using a later version of Flash? If so, this is pretty awful for website owners, but I'm guessing I'm misunderstanding? -- The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick
	to forum · permalink · · 2008-03-25 18:56:05 ·


Saturday, 26-Jul 02:03:13	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact 8th year online! © 1999-2008 dslreports.com. page compression OFF