Fx{r} is trying to start the Fx{r} Community! Please join our group on Adobe Groups following this link: http://groups.adobe.com/groups/ab29539ab9.
Fx{r} is now on Twitter too. Follow us @ twitter.com/fx_r!
«
»

ActionScript, Flash Player, Security

Adobe Player Security Update

Virgil Cristea | 25.03.08 | Comment?

Google Buzz

Adobe plans to release a new security update for the Flash Player on 9 April 2008. The update plans to fix the issues listed in the December 2007 Security Bulletin ABSP07-20 for DNS rebinding and cross-domain policy file vulnerabilities, and Security Advisory APSA07-06 for cross-site scripting vulnerabilities in SWFs.

Some of the notable changes:

    1. the socket xml file introduced by the 9,0,115,0 is now mandatory
    2. HTTP policy files will no longer permit socket access

      These changes come from the need of better DNS hardening, to ensure that ActionScript cannot be used as a means for a DNS rebinding attack (as referenced in Security Bulletin ABSP07-20) that could result in an unauthorized socket connection.

      The whole bulletin with all the updates is located here.

      Share and Enjoy:
      • Twitter
      • Google Buzz
      • LinkedIn
      • Google Bookmarks
      • del.icio.us
      • Digg
      • Sphinn
      • blogmarks
      • Reddit
      • StumbleUpon
      • Facebook
      • DZone
      • FriendFeed
      • Yahoo! Buzz
      • Yahoo! Bookmarks
      • Slashdot
      • MySpace
      • Add to favorites




      Tags: , ,

      This post was written by Virgil Cristea

      Views: 2261

      related

      have your say

      Add your comment below, or trackback from your own site. Subscribe to these comments.

      Be nice. Keep it clean. Stay on topic. No spam.

      You can use these tags:
      <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="">

      :

      :


      «
      »