Comment Re:Is this vulnerability really corrected? (Score 1) 42
could be copied and hosted elsewhere, how could Adobe reasonably claim to have corrected the vulnerability at all?
Think of it the same as if GCC had a bug that caused it to generate machine language code containing a vulnerability, when you were compiling a project. The bug was fixed, but all binaries previously compiled are vulnerable until rebuilt using a version of the compiler after the bugfix was made.
The vulnerability is a same-origin policy violation affecting only the site that hosts the SWF file; I guess it's not a RCE or other vulnerability in the Flash player itself; the binary code placed into the SWF file is executed faithfully, but in fact there's an issue in the particular bytecodes that were being generated when you compiled your project, so the compiled SWF file contained the vulnerability when correctly interpreted by the Flash player, if that makes sense.