Is Flash’s Death Actually Near? At This Point, Everyone Is Hoping So

The death of Adobe Flash has been speculated to happen for… well, ever. But, it never happens. Instead, we continue to see security risk after security risk revealed, with a good number of them being so severe, they could act as a gateway to let an attacker enter your machine. In the earlier days of the Web, Flash seemed amazing. Today? With all of the Web’s other technologies? Not so much.

Well, with last week’s breach of Italian hacking group Hacking Team’s data, a trio of critical Flash-related vulnerabilities leaked out onto the Web, and for some, this is the final straw. One of the more vocal advocates of Flash’s demise is Facebook’s Chief Security Officer Alex Stamos. One of his tweets reads, “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”

Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.

— Alex Stamos (@alexstamos) July 12, 2015

In a recent release of Google’s Chrome, the company began disabling non-important Flash elements on a page, such as advertising. In order to view these elements, a play button will have to be clicked. This is more of a performance fix than a security one, since Flash is still potentially running; but it’s a good start nonetheless.

I noticed the other day that in Firefox, Mozilla had also begun blocking outdated versions of Flash. At least on my end, I am able to click “Allow” at the top to enable the plugin, but the browser will continually nag you to update until you do it. Unfortunately, it’s quite the chore outside of Chrome, requiring you to go to Adobe’s website and download the plugin manually, then deal with having to uncheck the free offer for McAfee software, and then wait a minute or two for the simple update to be downloaded. Ugh. You can see a list of blocked plugins in Firefox here.

For Adobe, deciding on an end-of-life date for Flash isn’t going to be easy. While the company’s Flash development software handles far more today than just what a Flash plugin can render, the entire Internet is still rich with Flash SWF content. Also notable is the fact that there are solutions that can’t be converted over to Flash, or can’t easily be converted over to Flash. For reasons that are difficult to fathom, entire app interfaces and management systems have been designed with Flash – converting all this would be a serious challenge.

But, it seems inevitable: Flash’s end has to come at some point. As it stands, it’s one of those relic technologies that’s doing us no favors today by being bulky and regularly acting as a proxy to exploitation.