Preparing for the Flash Player 9 April 2008 Security Update in Security

Preparing for the Flash Player 9 April 2008 Security Update in Security http://www.dslreports.com/forum/r20224537 en Fri, 29 Aug 2008 21:11:48 EDT Fri, 29 Aug 2008 21:11:48 EDT Re: Preparing for the Flash Player 9 April 2008 Security Update http://www.dslreports.com/forum/remark,20224747 altermatt :

said by NICK ADSL UK

:

You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means

If I'm reading this correctly (and I most likely am not ;)), it sounds like anyone with a website that has an .swf that was created for Flash 7, which works fine in current versions, will have a problem with the new update? does the .swf have to be completely re-created using a later version of Flash? If so, this is pretty awful for website owners, but I'm guessing I'm misunderstanding?
--
The truth of a thing is the feel of it, not the think of it. -- Stanley Kubrick]]> http://www.dslreports.com/forum/remark,20224747 Tue, 25 Mar 2008 18:56:05 EDT Preparing for the Flash Player 9 April 2008 Security Update http://www.dslreports.com/forum/remark,20224537 NICK ADSL UK : Adobe is planning to release a security update for Flash Player 9 in April 2008 to strengthen the security of Adobe Flash Player for our customers and end users, and to provide further mitigations for previously disclosed vulnerabilities. The Flash Player security update provides further mitigations for issues listed in the December 2007 Security Bulletin ABSP07-20 for DNS rebinding and cross-domain policy file vulnerabilities, and Security Advisory APSA07-06 for cross-site scripting vulnerabilities in SWFs. Due to the possibility that these security enhancements and changes may impact existing content, Adobe is providing relevant information in advance to allow customers to better prepare for the pending release.

Customers are advised to review the upcoming Flash Player updates to determine if their content will be impacted, and to begin implementing necessary changes immediately to help ensure a seamless transition. This document provides an overview of the upcoming Flash Player changes, links to TechNotes, and relevant documentation to help you better prepare.

If any of the following situations apply, you should read this article in detail:

»www.adobe.com/devnet/flashplayer···ate.html

You use sockets or XMLSockets, regardless of the domain to which you are connecting
You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain

or

You provide access to content on remote domains as a web service provider

You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means
You use "javascript:" through network APIs to communicate outside a SWF
--
Wilders Security Forum Admin
Microsoft MVP - Consumer Security

]]> http://www.dslreports.com/forum/remark,20224537 Tue, 25 Mar 2008 18:21:41 EDT