Post: Isn't this a bit over the top?
Posted Sunday 23rd December 2007 18:52 GMT
In Serious Flash vulns menace at least 10,000 websites
This is a bit of a scare story isn't it? Flash itself isn't vulnerable to XSS attacks - it is the fact JavaScript can connect to Flash. JavaScript is the problem here, and I completely disagree with a previous comment saying that JavaScript is secure. A .swf file, with JavaScript disabled, cannot access anything on the user's computer apart from Local Shared Objects, Flash's secure version of cookies. A .swf file with 'Allow Script Access' disabled is exactly the same.
It sounds like this security issue is a vulnerability that Flash can trigger, but that it is just as likely an HTML page using JavaScript could. It is also a bit dubious that we're encouraged to purchase the book to find out the real deal.
Finally, criticising Flash for being responsible for over the top, waste of time animations is wrong! It is the designers, those who use Flash, who create these issues. Just as there are many examples of poor implementation, there are many examples of how Flash makes using the internet a more streamlined, enjoyable experience.
It is a pity this article seems to have focused on Flash and then brought out lots of outdated criticisms, losing focus on what would actually have been useful, i.e. what the actual security issue is! What is the issue that makes already published .swf files vulnerable? Surely this is an issue where a .swf file has been produced specifically for these nefarious purposes and then triggers the trouble. I guess we have to wait and see.
Anyway - Merry Christmas!