There was a time when Flash was the go-to for rich media content – everything from animations to rich graphics to browser games. Unfortunately, times have changed. Flash is no longer what it once was. Now, rather than being a gold standard, it’s little more than a horrendous quagmire of crippling security vulnerabilities.
It’s not terribly surprising, then, that many security experts have begun calling for Adobe to finally kill the software. The idea is that we need to force businesses and webmasters to move to more secure standards – both for their sake and the sake of the end user. Leading the charge is Facebook’s new Chief Security Officer, Alex Stamos.
“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day,” wrote Stamos on Twitter. “Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”
The event that spurred Stamos to compose those tweets was the recent Hacking Team hack, in which over 400 GB of files were stolen from the spyware firm and leaked online. Among the released data was information pertaining to a crippling vulnerability connected to Adobe’s Flash player – one which Hacking Team described as “the most beautiful flash bug for the last four years.”
Yeah, it really is that bad.
Although Adobe has since released a patch for the vulnerability, the fact remains that it isn’t a forced update – many enterprises and webmasters likely aren’t going to install it for quite some time. What that means is that there are still a ton of vulnerable Flash installations on the web, and they’re putting users at risk.
It’s this fact that led Mozilla to finally block the Flash plugin in its Firefox browser. When a user navigates to a page that uses Flash, they now see a message informing them that it’s been blocked on account of “seriously compromising Firefox security.” Not surprisingly, Mozilla is standing with Stamos as one of the organizations calling for Flash to be discontinued as a web standard. Although Firefox has now removed the warning in light of the patch, that doesn’t alter the fundamental point: it’s time for Flash to be put out to pasture.
It seems unlikely that Adobe can ignore those calls for much longer. With Mozilla’s decision to label Flash a security threat, there’s a decent chance other browsers will follow suit. Google certainly might, especially given that it recently dropped the standard in favor of HTML5. Microsoft might, as well – it’s hard to tell what they’ll do in this situation.
Either way, one thing is clear: Adobe Flash is on its last legs, and if you’ve any sense, you’ll start making the transition to a newer, more functional, and more secure standard right away. You owe it to both your users and yourself.
Mind you, it’ll probably take a while to die – but it will fall out of favor eventually, and you need to be ready for when it does.