It’s Time To Turn Off Adobe Flash – Twenty Flash Security Vulnerabilities in The Last Week

July 13th, 2015

Suprise

Update July 15, 2015: Since I did this post, Brian Barrett at Wired wrote the article, Flash. Must. Die. It’s a good summary of the situation.

I’ve been planning to do a post on this subject for over a week, when this latest series of Adobe Flash problems started, and I removed Adobe Flash from all of my systems just to see how much of a problem not having Adobe Flash installed would be. But today it really hit the fan when the latest updates to Adobe Flash didn’t fix all the problems, so it’s a perfect time to do this post.

It appears that the black-hat hackers have discovered how easy Adobe Flash is to hack and are having a field day. Three major problems have happened in the last few days. Adobe released a fix and immediately there are more major flaws found. To get a feel for the scale of the problem, today Alex Stamos, Chief Security officer at Facebook on Twitter said:

It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.

Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.

Here are some others that are, as of today, recommending you uninstall/disable Adobe Flash on your systems:

  • AppleInsider: “It’s time to uninstall Adobe’s Flash from your Mac – here’s how”
  • Wired: “Flash Must Die”
  • KrebsOnSecurity: “We are likely to continue to see additional Flash zero-day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider removing or at least hobbling this program.”
  • Taylor Swift: Dear Flash – “Now we got problems And I don’t think we can solve ’em”

There is going to be a major movement across the internet to get away from using Adobe Flash. But it could take 12 months or more for it to happen. In the meantime, you are likely vulnerable to spyware, and malware if you use Flash.

How to protect yourself:
At this point uninstalling Adobe Flash from you systems will give you protection against the security problems with Adobe Flash, currently out there in the wild because problems are arising faster than Adobe can fix them.  I’ve been running for about a week with Flash uninstalled and it’s not a big deal. There are a few videos that no longer work of course. My biggest problem is I like to watch Charlie Rose interviews on charlierose.com and the video on that site uses Flash. If you use the Chrome Browser the flash player is integrated into the browser (unlike other browsers) and it just takes a couple of seconds to enable Flash for a site that you want to trust. Then disable it again for general browsing because as of the last few weeks there are bad things that can happen to you if you.

Don’t use Adobe Flash on your website or tours:
These recent events are just another reason not to use Adobe Flash, in addition to the fact that Flash is not supported on iPhone and iPads. It is quite clear that today’s events are going to start a mass exodus away from Flash. The sooner you can abandon Flash the better off you will be.

Share this

9 Responses to “It’s Time To Turn Off Adobe Flash – Twenty Flash Security Vulnerabilities in The Last Week”

  • When I heard that apple was not supporting flash at all over a year ago for its ease of hacking, I ceased using it an took down all my flash driven slide shows. Such a useful tool but I don’t see any reason to make life easier than I have to for hackers. Besides, I believe the HTML5 supports a range of new ways to show slide shows and video on sites. But what I don’t know is how exactly to remove flash from my browsers. I am afraid the old ones are still there. Any step by step tips?

  • @larry If you have a Roku, you can add PBS to your channels, and watch Charlie on demand.

    I’m not sure I’ve noticed any signs of flash hacking on my Mac… what are the symptoms?

  • “I’m not sure I’ve noticed any signs of flash hacking on my Mac… what are the symptoms?”

    Sudden withdrawal of all your money from your bank account(s) by someone other than you.

    Or the IRS sending your tax refund check to someone else.

    Most likely, if they were a decent hacker, then you won’t NOTICE any symptoms… until it is too late.

  • Glad to hear that Flash seems to finally be going away. Other than security issues, I never liked it because it has no provision for color management.

  • Just uninstalled on both Macs. Thanks for the heads up.

  • Maybe a dumb questions, but, since it’s an Adobe product, we won’t see any problems with Creative Cloud, will we?

  • sorry… a couple more questions: “Flash” and “Flash Player” are two different things? Get rid of it all?

  • @Craig – the Flash Player is a very old plugin for internet browsers so when it is hacked, you machine becomes at risk from malicious websites. Creative cloud is very different, it’s not a likely target for hackers.

    Flash is the Adobe Application that allows people to create Flash based graphics that can be played by the Adobe Flash Player in a browser. The problem software is the Flash Player.

  • Not only is Flash dead, it is becoming a menace. I’m still amazed that popular Virtual Tour hosts like TOURFACTORY still require the FLASH plugin for viewing real estate tours on the desktop to this day. Steve Jobs created a big controversy when he refused to include Flash in Apple iOS and was he right, probably more than he knew.

    For those who still want to view Flash content, Google Chrome integrates the flash plugin into their browser and keeps it up to date automatically. Not sure for how long.
    https://support.google.com/chrome/answer/108086?hl=en

Comments RSS

Leave a Reply