We are planning to release a security update to Flash Player 9 in April 2008 that further mitigates previously disclosed vulnerabilities. Because these security enhancements may impact existing SWF content for some customers, we are giving advanced notice of these changes so that you have time to prepare before the player is released.
The information Adobe is providing right now is for developers, IT departments and Web administrators to better prepare for the next update to Flash Player. End users do not need to take actions at this time but should update to the latest player in April upon its release.
The Adobe Developer Connection article describes who and what types of content may be impacted, the changes, and what you should do immediately to implement any necessary changes to ensure a seamless transition when the updated Player launches.
For those of you whom the following situations apply, please read the Adobe Developer Connection article in detail:
* Use of sockets or XMLSockets, regardless of the domain the SWF is connecting to
* Use of addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain OR Provides access to content on remote domains as a web service provider
* Use of SWFs that are exported for Flash Player 7 (SWF7) or below that communicate with the hosting HTML by any means
For more information about Flash Player security, visit
Flash Player Security and Privacy page
Flash Player Security section of the Adobe Developer Connection