There are security holes, security chasms and Flash

0
Flash elements in a website blocked by Firefox
Flash elements in a website blocked by Firefox

That Adobe Flash wasn’t exactly safe was a known fact. It’s one of those standards that became established for marketing and not technical reasons and keeps on being widely used even if today there are better technologies. However, after leaked documents revealed new vulnerabilities used to take control of other people’s computers, some web giants started taking action against its use. Alex Stamos, the Facebook’s security chief officer, demanded an end-of-life date for Flash. The Mozilla Foundation has gone further and started blocking the use of Flash in its browser Firefox.

Flash was born officially in 1996, when Macromedia acquired FutureSplash, producer of SmartSketch, a computer drawing application. An adaptation of that technology became Macromedia Flash Player. The world-wide-web was growing rapidly in those years and worked great with HTML pages. At the time, the connection speed was too low for a normal use of streaming but someone decided to use Flash to create sites with more sophisticated graphics, although they were indigestible to Google.

In 2005, Adobe Systems acquired Macromedia and from then on Flash became Adobe Flash. The Flash Player plugin has become a standard in browsers despite its flaws and problems of support for mobile devices. It’s also used for years for web streaming so it exists for many platforms.

Unfortunately, over time Flash has proved really dangerous from the security point of view. Adobe corrected many bugs but other ones keep on being discovered that make computers that use it vulnerable to attacks. Even secure operating systems such as Linux can be attacked: Linux with an active Flash plugin is like a fortress in which there are underground tunnels whose existence is unknown!

In recent days, new revelations about the vulnerability of Flash have reignited the debate. The company Hacking Team, involved in IT operations of various types, suffered a data theft that revealed that security holes in Flash were used to take control of external computers.

Also thanks to the progressive move of streaming platforms to HTML5, these new revelations led to very harsh positions against Flash. Yesterday Firefox started blocking the Flash elements in web pages, asking users if they want to activate them.

Today my operating system Kubuntu 4.14 LTS provided an update to Flash Player and of course I proceeded to install it but how many other security issues it can still have? I really hope that these latest revelations and the authoritative stands help free us from Flash to move on to a better and safer web.

Leave a Reply

Your email address will not be published. Required fields are marked *