by Adobe

Adobe logo


4 November 2010

Note: The following article is for developers only. Customers who are experiencing Adobe Flash Player installation issues should begin troubleshooting in the Flash Player Support Center.
The Adobe Flash Player 10.1.102 Security Update addresses the issues described in Security Bulletin APSB10-26. The latest Flash Player update is available from the Flash Player Download Center. Adobe recommends installing all security updates as soon as possible.
Over the past several releases of Adobe Flash Player, we have posted articles to the Adobe Developer Connection discussing potential changes to existing content that may occur because of required security model changes. Our goal in pre-communicating these changes is to give you as much information as possible, as early as possible, so that you can avoid an interruption to your content.
For Flash Player 10.1.102, no pre-communication was needed because the security model changes should not affect any of your existing content. This is the norm. Indeed, Flash Player has had minor releases throughout its history; however, most developers were not aware of them because there was no impact to their work.

ApplicationDomain changes

Prior to Flash Player 10.1.102, when creating an instance of a class, a search for the class definition would begin in the topmost parent ApplicationDomain and continue down to the current ApplicationDomain, until a match was found. Subsequent class definitions loaded at any time, and in any parent of the current ApplicationDomain would take precedence over an existing definition, which could result in inconsistent application behavior.
As of Flash Player 10.1.102, these search rules have been modified such that once a class definition is used, subsequent searches for that class will guarantee returning the same definition.

Minimizing the impact of security changes

Backwards compatibility has been a hallmark of the success of Flash Player, as has been our responsiveness to security issues that arise from time to time. We try to balance these two goals as carefully as possible. In every security release, we strive to avoid any impact on existing content.
When content changes are unavoidable to respond to a security issue, our first goal is to try to design the fix in a way that can be managed without having to recompile a SWF file. We look for solutions that we can effect through changes to the HTML, cross-domain policy files, or server configuration. Only when this is not possible do we make the difficult decision to implement a solution that requires a change to the SWF file.
We take compatibility bugs seriously, so if you do experience any change in the behavior of your SWF files after installing Flash Player 10.1.102, please contact Adobe by filing a bug in our public Flash Player bug and issue management system. This is the best and fastest way to have the Flash Player team investigate the issue. For more information, read Introducing the Flash Player bug and issue management system.

Preparing for future security releases

The best way to make sure that your content is not affected by security releases is to stay informed. For the most current information on what you may need to do to respond to security change pre-communications, periodically check the Flash Player Developer Center and Adobe AIR Developer Center. The definitive information for changes that you need to make will be posted there.
You can also follow the blog of the Adobe Product Security Incident Response Team. The PSIRT blog will contain links to announcements of security changes in upcoming Flash Player releases that may affect your content and will also reference any security bulletins and advisories for our products.
You can find patch information for all Adobe products on the Security bulletins and advisories page. Here you can sign up for our notification service, which will notify you of our patch bulletins as they are released.