webcam.swf's allowDomain * detected as potential vulnerability #324

@ywarnier

A security scan reported that webcam.swf contains a wildcard in the allowDomain method, which is considered insecure.

Impact
Very relaxed cross-domain permissions may enable an attacker to perform spoofing and data theft attacks.
Solution
The recommendation is to use more restrictive wildcards to grant cross-domain permissions only to domains and subdomains that are really trusted. For more details on Security.allowDomain please see the help document by Adobe: http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/Security.html

I'm not sure whether the right solution is to offer a configuration setting somewhere that the SWF can load, or whether webcam.swf should simply be removed (after all, Flash is unmaintained and thus is not considered safe in general anymore), but I wanted to make sure you are aware of the potential issue.
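Added example, not part of the original issue and not the project's code: a small Python audit that lists every `Security.allowDomain` / `Security.allowInsecureDomain` call in decompiled ActionScript source and flags the `"*"` wildcard the scan reported. The sample source, the trusted-domain list and the name `audit_allow_domain` are constructed for illustration; it assumes the SWF has already been decompiled to text.

```python
import re

# Security.allowDomain(...) / Security.allowInsecureDomain(...) call sites.
CALL_RE = re.compile(
    r"\bSecurity\s*\.\s*(allowDomain|allowInsecureDomain)\s*\(([^)]*)\)")
# String-literal arguments in single or double quotes.
ARG_RE = re.compile(r"""(["'])(.*?)\1""")

def audit_allow_domain(source, trusted=()):
    """Return (line, method, argument, verdict) for each argument found.

    Verdicts: 'wildcard' (grants access to every domain), 'ok' (in the
    trusted list), 'untrusted' (literal not in the list), 'dynamic'
    (argument is not a string literal and needs manual review).
    """
    findings = []
    for call in CALL_RE.finditer(source):
        line = source.count("\n", 0, call.start()) + 1
        method, raw_args = call.group(1), call.group(2).strip()
        literals = [a.group(2) for a in ARG_RE.finditer(raw_args)]
        if not literals:
            findings.append((line, method, raw_args, "dynamic"))
        for domain in literals:
            if domain == "*":
                verdict = "wildcard"
            elif domain in trusted:
                verdict = "ok"
            else:
                verdict = "untrusted"
            findings.append((line, method, domain, verdict))
    return findings

# Constructed sample input (hypothetical class, not the real webcam.swf source).
SAMPLE = '''package {
    import flash.system.Security;
    public class Demo {
        public function Demo() {
            Security.allowDomain("*");
            Security.allowInsecureDomain("cdn.example.org");
            Security.allowDomain("www.example.com", 'static.example.com');
            Security.allowDomain(configuredHost);
        }
    }
}'''
TRUSTED = {"www.example.com", "static.example.com"}

if __name__ == "__main__":
    for finding in audit_allow_domain(SAMPLE, TRUSTED):
        print("line %d: %s(%s) -> %s" % finding)
```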
