Written by Adobe has announced plans to release a security update that could significantly impact existing Flash applications that utilize cross-domain communication.
To quote from their post:
If any of the following situations apply, you should read this article in detail:
* You use sockets or XMLSockets, regardless of the domain to which you are connecting
* You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain
or
You provide access to content on remote domains as a web service provider* You use “javascript:” through network APIs to communicate outside a SWF
To defend against malicious HTTP headers, the update requires a cross-domain policy check before allowing SWFs to send headers to another domain.
If you perform any cross-domain communication in your Flash applications, especially those compiled for Flash Player 7 or earlier, you should really take some time to read up on this release.
-rG
