Flash Player Security Confusion

Maybe I’m not the sharpest tool in the toolbox, but it seems like every “security” related document I’ve ever read about Flash Player has been deliberately obfuscated to prevent ‘normal’ humans from understanding it. For instance, take a look at the example below regarding changes made to Flash Player 9.0.124 (image links to the article).

[Image: Flash Player Security Update]

I had to read this sentence over several times before I felt like I understood the intent, and I still wouldn’t stake much money on my interpretation. Even when drilling down and following the link, it was several paragraphs before getting to what I believe is the salient point (it’s still not clear if I need to do anything if my web service doesn’t utilize request headers).

[Image: Security Confusion Flash Player]

It’s absolutely insane that a security update to Flash Player that will ‘break’ existing content isn’t explained better. I’m not sure why concrete examples aren’t given that would help those not steeped in security lexicon understand the implications quickly and easily. For instance, it might be helpful to note that if you have a RESTful or SOAP web service (serves up XML) API which allows 3rd party content not hosted on your server to access the API, you’ll need to update your cross-domain policy file (at least this is what it seems like the security bulletin is saying). I’m also assuming this affects all cross-domain data loading, which means if you serve up JSON or AMF you’re impacted as well.

Yo Adobe, if you want to safeguard the reputation of Flash Player then you need to make this information a bit more friendly, clear and explicit–if only for obtuse folks like me. :)
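
A concrete version of the case described above, as an added example (not from the original post or from Adobe): a Python check that reads a cross-domain policy file and reports domains that are granted data access but have no matching request-header grant. It assumes the change in question is that cross-domain request headers must be permitted by the policy file; the element names come from Adobe's cross-domain policy file specification, while the sample policy, the domain names and the `SOAPAction` header are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed sample crossdomain.xml: partner.example may load data,
# but only *.widgets.example is allowed to send the SOAPAction header.
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="partner.example"/>
  <allow-access-from domain="*.widgets.example"/>
  <allow-http-request-headers-from domain="*.widgets.example" headers="SOAPAction"/>
</cross-domain-policy>"""


def audit_policy(xml_text, needed_header="SOAPAction"):
    """Return (domain, finding) pairs for a policy file you control.

    needed_header is an assumption: the custom header your API clients send.
    """
    root = ET.fromstring(xml_text)
    # Collect header grants as (domain pattern, [lower-cased header patterns]).
    header_rules = [
        (e.get("domain", "").lower(),
         [h.strip().lower() for h in e.get("headers", "").split(",")])
        for e in root.iter("allow-http-request-headers-from")
    ]
    findings = []
    for e in root.iter("allow-access-from"):
        domain = e.get("domain", "").lower()
        if domain == "*":
            findings.append((domain, "data access granted to every domain"))
        # A domain is covered when some header rule matches both the
        # domain and the header name (both attributes accept wildcards).
        covered = any(
            fnmatchcase(domain, rule_domain)
            and any(fnmatchcase(needed_header.lower(), h) for h in headers)
            for rule_domain, headers in header_rules
        )
        if not covered:
            findings.append((domain, f"no header grant for {needed_header}"))
    return findings


if __name__ == "__main__":
    for domain, finding in audit_policy(SAMPLE_POLICY):
        print(f"{domain}: {finding}")
```
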



4 Responses to “Flash Player Security Confusion”

  1. John Dowdell says:

    I’d have to agree, if only for considering how my old allergies to that use of the word “impacted” are acting up about now…. ;-)

    Writing to communicate is one skill, and researching and testing a security issue is another skill. We need to straddle these two worlds better.

    I can’t speak for the group (in advance of the group speaking for itself), but I can say that your post has spurred me to try to improve things for the future, if that info is of help.

    jd/adobe

  2. Brooks says:

    That’s all I can hope for, JD. If anything can be done to make security concerns more accessible / understandable I’ll stand up and cheer loudly.

  3. Markov says:

    I am not very good in English and still I cannot find this article translated in French yet (yes I speak French).

    I read this article many times trying to fix all our 2k ish flash apps! I am like what the HECK! Now I google to find a good tutorial… no thanks Adobe… no thanks.

  4. [...] Adobe’s internal development team doesn’t get what’s going on with Adobe’s obtuse security [...]
