A new version of Adobe Flash Player 9 is out in version 9.0.124.0, according to Adobe Systems . Adobe Flash Player 9.0.124.0 includes many new security enhancements. Cross-domain network headers are now allowed through the use of cross-domain policy files. The cross-domain policy file is required for both sending and loading requests. All socket connections now require the use of a socket policy file. HTTP cross-domain policy files can no longer be used to authorize a socket.

Here are the fixes made to the newer version:

• A media streaming security vulnerability was fixed in both Flash Player and Flash Media Server. As a result, Flash Media Interactive Server 3 and Flash Media Streaming Server 3 customers who are streaming H.264 content to Flash Player 9.0.124.0 or higher will need to upgrade their server to version 3.0.1.
• When html/SWF is in the local sandbox, getURL calls fail with Flash Player 9.0.115.0 in IE7. These calls will no longer fail in 9.0.124.0.
• A run-time warning has been added to the debug player in version 9.0.124.0 to reflect that AllowScriptAccess=”never” has been deprecated.
• Full-screen playback shows black triangles in Flash Player 9.0.115.0 on ATI cards on Microsoft Vista.
• Authorization header has been reinstated in Flash Player 9.0.124.0.