Are Recent Security Concerns the Nail in Flash’s Coffin?
Adobe Flash’s fast track toward becoming officially obsolete was rapidly sped up after two more security exploits were recently discovered in early July. A group of malware writers and distributors known as the “Hacking Team” had utilized the new exploits, which allowed them to drop spyware and other measures onto unsuspecting users. Some of the voices that chimed in after the exploit was discovered included prominent voices in computer engineering and security, including Alex Stamos, chief of security for Facebook.com.
The most recent exploits even gave Mozilla the motivation to take more official action, via the locking of Flash by default on its widely used Firefox platform across different operating systems. It’s one of the first times that a browser maker has taken such a fast step– the typical way to address the problem is to make users aware, and then quickly distribute a patch fix for clients. When that client happens to be third party software like Flash, however, it leaves companies like Mozilla with little options.
Flash has since been re-enabled in Firefox, but the point of vulnerabilities still stands. Many are now calling for the official end to Adobe Flash. Here are a few points to consider if you’re still using it:
- It’s one of the most popular vectors of attack with malware makers. The most recent Flash exploit is by no means new or unique. Flash has been used to insert malware and spyware into the computers of unsuspecting users for several years. The rise of on-site advertising banners made in Flash also led to networks having their ads “hijacked” by malware distributors, who could sneak in malicious coding without detection and use those ad networks to distribute it to hundreds of thousands of users before it could be detected.
- It’s not as powerful as HTML5. Companies like Google have more or less made the change over to HTML5 for video playback and other media-rich features, and it has to do with HTML5’s more modern, more efficient coding structure. Flash is outdated, and outdated coding leads to vulnerabilities that more recent standards have done away with. There’s no reason to stick with Flash at this point– Apple’s lack of support for Flash on their products is yet another market signal that the platform is on its way out.
- Only 11% of websites use Flash. Another sign that it’s lost its prominence is the sheer number of sites that use, or don’t use, Flash technology. Flash’s poor security record, combined with the instability of flash programming, has certainly made it the less popular choice for serious IT professionals that want a website that won’t leave visitors with a bad taste in their mouths.
With a lack of support from the professional segment online, and a general reputation for creating vulnerabilities that could threaten your personal and financial information, it may be time to put Flash back in its box and give it the farewell it deserves.