24 February 2009
Over the past several releases of Adobe Flash Player, we have posted articles to the Adobe Developer Connection discussing potential changes to existing content that may occur because of required security model changes. Our goal in pre-communicating these changes is to give you as much information as possible, as early as possible, so that you can avoid an interruption to your content.
The Flash Player 24 February 2009 Security Update (version 10.0.22) addresses the issues described in Security Bulletin APSB09-01. The latest Flash Player update is available from the Flash Player Download Center. Adobe recommends installing all security updates as soon as possible.
For this particular release, no pre-communication was needed because the changes to Flash Player 10 should not have negatively affected your content. This is the norm. Indeed, Flash Player has had minor releases throughout its history; however, most developers have not been aware of them because there has been no impact to their work.
Minimizing the impact of security changes
Backwards compatibility has been a hallmark of the success of Flash Player, as has been our responsiveness to security issues that arise from time to time. We try to balance these two goals as carefully as possible. In every security release we strive to make zero impact on existing content.
When content changes are unavoidable to respond to a security issue, our first goal is to try to design the fix in a way that can be managed without having to recompile a SWF. We look for changes that we can make through changes to the HTML, cross-domain policy files or server configuration. Only when this is not possible do we make the difficult decision to implement a solution that requires a change to the SWF.
We take compatibility bugs seriously, so if you do experience any change in the behavior of your SWFs after installing Flash Player 10.0.22, please contact Adobe by filing a bug in our public Flash Player bug and issue management system. This is the best and fastest way of getting the issue looked at by the Flash Player team. (For more information, read Introducing the Flash Player bug and issue management system.)
Preparing for future security releases
The best way to make sure that your content is not affected by security releases is to stay informed. For the most current information on what you may need to do to respond to security change pre-communications, periodically check the Flash Player Developer Center and Adobe AIR Developer Center. The definitive information for changes that you need to make will be posted here.
You can also follow the Adobe Product Security Incident Response Team blog. Anytime we post security-related articles on the Adobe Developer Connection, they will be mentioned on the PSIRT blog, which will also reference any security bulletins and advisories for our products.
If you are interested in the security bulletins and advisories specifically, you can also visit the Security bulletins and advisories page to see bulletins for all Adobe products. On this page you can sign up to be notified of bulletins as they are released.