Adobe Flash, the standard that animated the early Web, is going the way of the dinosaurs—even YouTube has now transitioned to HTML 5. And its already battered reputation has taken further hits this year thanks to three serious security vulnerabilities that have emerged in just the past two weeks.
Enough is enough. It’s time for Web users to wean themselves off their lingering attachment to this buggy, outdated software … and uninstall Flash.
True, not everyone’s going to be able to make the jump right away. Some internal corporate applications still require Flash; some websites still cling to it. But for your own safety, and for the good of the Web, you should make the effort.
Time To Say Goodbye
Flash Player is dead. Its time has passed. It’s buggy. It crashes a lot. It requires constant security updates. It doesn’t work on most mobile devices. It’s a fossil, left over from the era of closed standards and unilateral corporate control of Web technology. Websites that rely on Flash present a completely inconsistent (and often unusable) experience for the fast-growing percentage of users who don’t use a desktop browser. It introduces some scary security and privacy issues by way of Flash cookies.
They’re not kidding about Flash’s security vulnerabilities. The recent discoveries all involve so-called zero-day exploits, in which malicious hackers use or distribute tools that take advantage of previously undiscovered security flaws.
The first two exploits were somewhat less serious, as they required users to click on malicious links in spammy emails or texts. Most people are smarter than that these days—we hope.
The third one, though—discovered by TrendMicro—uses a malicious advertising vector, and thus affected far more users. Basically, anyone visiting a high-traffic website infected with malicious advertisements could find their system hacked.
The security firm Malwarebytes found the ads on dozens of mainstream sites, including dailymotion.com, theblaze.com, nydailynews.com, tagged.com, webmail.earthlink.net, mail.twc.com and myj.uno.com. These ads would then redirect users to a landing page for the exploit kit Hanjuan that would do the real dirty work.
Take The Flashless Challenge
If the idea of having your laptop infected just because you visited an otherwise innocuous website doesn’t appeal to you, it’s time to get rid of Flash if you can. (Yes, Adobe has patched that particular vulnerability—but have you installed the patch? Will you install the next one, and the next one after that?)
To Uninstall Flash
To Tame Flash If You Can’t Get Rid Of It
If you need Flash for work, or are addicted to DailyMotion, or can’t deal with Facebook and Amazon refreshing pages too slowly, another option is to use an extension like FlashBlock. This allows you to limit your Flash usage to the sites you select. While you’ll still be somewhat vulnerable if a popular site is infected with malicious advertising, it’ll lower your risk.
- Firefox: Go to Tools->Add-ons->Plugins, where you can set Shockwave Flash to “ask to activate” (or “never activate”).
- Chrome: Go to Preferences->Settings->Advanced Settings->Privacy->Content Settings->Plugins->Click to play (or block by demand).