Heads up: Prepare for the Flash Player 9 security update
Adobe is preparing a security update for Flash Player 9 that will be released next month (April 2008) to fix previously disclosed vulnerabilities (see Security Bulletin APSB07-20 and Security Advisory APSA07-06) and to further strengthen the security of the Flash Player.
These are the main things you have to watch out for:
- A socket policy file will always be required for all socket connections
  Important when you use sockets or XMLSockets, regardless of the domain to which you are connecting.
- A policy file will be required to send headers across domains
  Important when you use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain, or when you provide access to content on remote domains as a web service provider. This applies to all methods of loading data, including solutions like AMF-PHP (see Wade Arnold’s blog for an example crossdomain policy file for AMF-PHP).
- The allowScriptAccess default will always be “sameDomain”
  Important when you have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means.
- “javascript:” URLs will be prohibited in networking APIs, except getURL(), navigateToURL(), and HTML-enabled text fields
  Important when you use “javascript:” through network APIs to communicate outside a SWF.
Check out Adobe Devnet for more in-depth information.
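
Since the first two changes mean writing new policy files, here is an added example (not from the original post or from Adobe) of a small Python audit that flags wildcard grants in a policy file before you deploy it. The sample policy is constructed; the element and attribute names follow Adobe's cross-domain policy file format, and the HIGH/REVIEW labels are this example's own convention.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy for illustration only (not a recommended policy).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="*" to-ports="*"/>
  <allow-access-from domain="app.example.com" to-ports="5000-5010"/>
  <allow-http-request-headers-from domain="*.example.com" headers="SOAPAction"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

# Attributes that can carry a wildcard grant, per policy element.
CHECKS = {
    "allow-access-from": ("domain", "to-ports"),
    "allow-http-request-headers-from": ("domain", "headers"),
}


def audit_policy(xml_text):
    """Return (severity, element, attribute, value) for each wildcard grant.

    Intended for policy files you control; do not feed it untrusted XML.
    """
    root = ET.fromstring(xml_text.strip())
    if root.tag != "cross-domain-policy":
        raise ValueError("root element must be <cross-domain-policy>")
    findings = []
    for elem in root:
        for attr in CHECKS.get(elem.tag, ()):
            value = (elem.get(attr) or "").strip()
            if value == "*":
                # Grants the permission to every domain, port or header.
                findings.append(("HIGH", elem.tag, attr, value))
            elif attr == "domain" and value.startswith("*."):
                # Every subdomain is trusted, including ones you may not run.
                findings.append(("REVIEW", elem.tag, attr, value))
    return findings


if __name__ == "__main__":
    for severity, tag, attr, value in audit_policy(SAMPLE_POLICY):
        print(f"{severity:6} <{tag}> {attr}={value!r}")
```
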






