Please review the Flash Player Security article

Does your Flex app rely on a crossdomain file anywhere? Are you using sockets? Do you call out to JavaScript? If any of these hold, please make sure to review the Player 9 Security Update article which explains some upcoming changes that you may need to take into consideration. We try not to break existing content, but in this case there may be some changes you’ll need to make, primarily in your crossdomain settings.

Read the article for more info.

4 Responses to Please review the Flash Player Security article

  1. Shigeru says:

    > the hosting HTML by any meansDoes this “HTML” include XML?Does this mean *.html, *.xml, *.cfm, *.php, *.jsp and so on??

  2. Shigeru says:

    I figured out “the hosting HTML by any means”, sorry. Remove my comments. thanks

  3. Mark Haliday says:

    I recall reading the security articles back when they were published for the Flash Player version 9,0,115,0. It seemed to me that a socket policy file would be loaded from only port 843, but then if specified connect on a different port. It seems like Adobe has backed down from this now? It looks like I can load the socket policy file now from any port on my domain, is that true?

  4. MobiusKlein says:

    It appears to try both 843 and the selected port.The order of attempts is unspecified, and I’m certainly running into cases where 843 socket fails, the desired port works, but it seems to prevent the socket anyway. (but only on our live server, not in staging ones. And only for the embedded, not for the standalone .swf)