Be Ready for the Flash Player 9 April 2008 Security Update

Adobe has announced plans to release a security update that could significantly impact existing Flash applications that utilize cross-domain communication.

To quote from their post:

If any of the following situations apply, you should read this article in detail:

* You use sockets or XMLSockets, regardless of the domain to which you are connecting

* You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain
or
You provide access to content on remote domains as a web service provider

* You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means

* You use “javascript:” through network APIs to communicate outside a SWF

To defend against malicious HTTP headers, the update requires a cross-domain policy check before allowing SWFs to send headers to another domain.

If you perform any cross-domain communication in your Flash applications, especially those compiled for Flash Player 7 or earlier, you should really take some time to read up on this release.

-rG