July 27, 2017
Adobe has finally pulled the plug on Flash, an application that Steve Jobs excoriated as far back as 2010 for being too insecure and proprietary for the iPhone. Adobe stated that it would no longer update and distribute the Flash Player at the end of 2020, and many in the industry will cheer its demise. In fact, Chrome, Microsoft Edge and Safari have been blocking Flash for the past year, but many sites devoted to gaming, education and video still use Flash, whose infamously weak security has been exploited by malware.
“Flash has been a favorite amongst exploit kit authors for several years,” said Malwarebytes lead malware analyst Jérôme Segura, as reported in Wired. “Due to an alarming number of zero-day exploits distributed via large malvertising campaigns in recent years, many in the security community have urged users to completely remove Flash from their machines.”
Although Wired relates numerous recent incidents, it says that, “the real reason Adobe will move on from Flash, though, is … obsolescence.” “The writing’s been on the wall long enough,” said Forrester Research analyst Jeffrey Hammond. For several years, developers began gravitating to open standards such as HTML5, WebGL and WebAssembly, and Adobe itself has invested in HTML5 since 2010.
Flash is already largely gone: Apple’s iOS hasn’t had the Flash Player plug-in since 2010, Android banished it in 2012, and Google “has automatically blocked Flash ads from running … since September 2015.” Firefox and Microsoft have also hobbled the plug-in, leaving “Internet Explorer as the web’s last Flash hotbed,” although “IE … will disable Flash by default in 2019.”
The Verge reports that, “Google will continue phasing out Flash over the next few years, while Mozilla says Firefox users will be able to choose which websites are able to run Flash next month and allow Firefox Extended Support Release (ESR) users to keep using Flash until the end of 2020.” Apple’s Safari “currently requires explicit approval on each website even when Mac users opt to install Flash.”
In Wired, Segura noted that, “The focus might switch to yet another Achilles’ heel for all browsers, which are extensions and third-party plugins.” Developers will also have to either update their existing systems or abandon old sites. “We’re not going to see the end of the world as we know it, but we will see unexpected things,” predicts Hammond.