July 13th, 2015
Update July 15, 2015: Since I did this post, Brian Barrett at Wired wrote the article, Flash. Must. Die. It’s a good summary of the situation.
I’ve been planning to do a post on this subject for over a week, when this latest series of Adobe Flash problems started, and I removed Adobe Flash from all of my systems just to see how much of a problem not having Adobe Flash installed would be. But today it really hit the fan when the latest updates to Adobe Flash didn’t fix all the problems, so it’s a perfect time to do this post.
It appears that the black-hat hackers have discovered how easy Adobe Flash is to hack and are having a field day. Three major problems have happened in the last few days. Adobe released a fix and immediately there are more major flaws found. To get a feel for the scale of the problem, today Alex Stamos, Chief Security officer at Facebook on Twitter said:
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.
Here are some others that are, as of today, recommending you uninstall/disable Adobe Flash on your systems:
- AppleInsider: “It’s time to uninstall Adobe’s Flash from your Mac – here’s how”
- Wired: “Flash Must Die”
- KrebsOnSecurity: “We are likely to continue to see additional Flash zero-day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider removing or at least hobbling this program.”
- Taylor Swift: Dear Flash – “Now we got problems And I don’t think we can solve ’em”
There is going to be a major movement across the internet to get away from using Adobe Flash. But it could take 12 months or more for it to happen. In the meantime, you are likely vulnerable to spyware, and malware if you use Flash.
How to protect yourself:
At this point uninstalling Adobe Flash from you systems will give you protection against the security problems with Adobe Flash, currently out there in the wild because problems are arising faster than Adobe can fix them. I’ve been running for about a week with Flash uninstalled and it’s not a big deal. There are a few videos that no longer work of course. My biggest problem is I like to watch Charlie Rose interviews on charlierose.com and the video on that site uses Flash. If you use the Chrome Browser the flash player is integrated into the browser (unlike other browsers) and it just takes a couple of seconds to enable Flash for a site that you want to trust. Then disable it again for general browsing because as of the last few weeks there are bad things that can happen to you if you.
Don’t use Adobe Flash on your website or tours:
These recent events are just another reason not to use Adobe Flash, in addition to the fact that Flash is not supported on iPhone and iPads. It is quite clear that today’s events are going to start a mass exodus away from Flash. The sooner you can abandon Flash the better off you will be.