Security Changes in Flash Player 9

An excellent discussion of the security changes in Flash Player 9 can be found here. The major security changes include fixes for policy file control and DNS rebinding.

The fixes appear to close a lot of potential holes, but at first glance it seems that policy files just got a lot more complicated. With added complexity, though, comes an increased chance of security flaws and configuration mistakes.

It is going to take some time to go through all the changes and see how the new Flash version acts in the real world. I'm really interested in what approach was taken for the DNS rebinding fixes -- especially attacks against the localhost via the loopback address.

Posted by gfleischer on 2007/12/06 at 00:44 in Security
