Another week, another gaping security hole in Adobe Flash.
Up until a few years ago, if you wanted to animate a website and create a slick dynamic presentation, you used Adobe Flash. Flash even made inroads into mobile app development – for a time it seemed likely that Adobe Flash would become the de facto cross-platform environment for mobile app development.
A relentless string of security embarrassments, defects which allow malicious websites to plant viruses on the computers of users who view the websites, has dramatically damaged the popularity of Flash. The seeming inability of Adobe to secure their Flash product is an ongoing disaster, which will almost certainly lead to the demise of Adobe Flash as a web standard.
The downfall of Adobe Flash, in my opinion, began in 2009. Steve Jobs, the legendary CEO of Apple Corporation who oversaw the birth of iPhone, published an open letter, explaining why Apple would not allow Adobe Flash to run on iPhone.
In April 2010, Steve Jobs, the co-founder and chief executive officer of Apple Inc., published an open letter explaining why Apple wouldn’t allow Flash on the iPhone, iPod touch and iPad. In the letter he cited the rapid energy consumption, poor performance on mobile devices, abysmal security, lack of touch support, and desire to avoid “a third party layer of software coming between the platform and the developer”. He also touched on the idea of Flash being “Open”, claiming that “By almost any definition, Flash is a closed system”.
Jobs also tried to dismiss the idea that Apple customers are missing out by being sold devices without Flash compatibility. He quoted a number of statistics and concluded with “Flash is no longer necessary to watch video or consume any kind of web content.”
At the time, Steve Jobs’ decision was highly controversial. Critics suggested that Steve Jobs was exaggerating the problems with Flash to try to steer developers into using his proprietary iPhone development environment, rather than allowing iPhone apps to be developed using Adobe Flash.
Since 2009, ongoing and very public problems with Adobe Flash security have vindicated Jobs’ decision in the eyes of most observers. Adobe’s apparent inability to secure their product has provoked fury amongst developers and Adobe Flash users.
According to The Register:
Enough is ENOUGH: It’s time to flush Flash back to where it came from – Hell
If you patched Adobe’s screen door of the internet – its Flash plugin – last week, and thought you were safe, even for a few weeks, you were sadly mistaken.
The Photoshop goliath is warning that yet another programming blunder in its code is being exploited in the wild, and says it won’t have a patch ready to deploy until later this week. Buckle up, in other words.
This latest security vulnerability is, as always, triggered when the plugin tries to play a malicious Flash file – allowing hackers to download malware onto PCs and effectively hijack the computers so passwords and more can be stolen.
According to Trend Micro, the Angler exploit kit was updated to leverage this particular flaw, and used to inject malware into PCs visiting web video site dailymotion.com via a dodgy ad network.
For now, Adobe Flash continues to be used. A lot of legacy websites, and some mobile apps, still use Adobe Flash – so completely removing support for Adobe Flash from all systems would potentially annoy users by preventing them from accessing websites and mobile apps they rely on.
But Jobs’ early decision to ban Flash on iPhones, combined with the rise of alternatives such as JavaScript / CSS animations, which provide comparable functionality without the security problems, has had an impact. Flash is now very much seen as a legacy system – something you have to consider supporting, because some old websites and mobile apps still require Flash, but not a system which you would use for creating new code or web content.
If you would like to know more about Adobe Flash, and options for upgrading or replacing Flash, please contact me.