2016 - A Year Without Flash
InfosecDespite Adobe’s best efforts to flog a dead horse, Flash still seemed to hold firm in 2015. But has lost some important allies along the way – namely YouTube and Chrome support, however some high profile sites such as the BBC still refuse to let it go.
Flash has been a constant pain in the side for security professionals and users alike. It’s still a common attack vector to gain admin privileges on unpatched systems, and still uses up all the CPU and memory of any poor device still forced to run it. What do you expect from an application that runs with full user rights and gets its instructions from the Internet?
So my New Year’s resolution is to ditch Flash. It’s been uninstalled on all computers I use, and I’m curious what problems I’ll encounter on the web. So far only the BBC site fails to load video, but there is a BBC iPlayer HTML5 Beta you can opt in to (http://www.bbc.co.uk/html5).
YouTube switched to HTML5 while ago, so no problems there. Normal functionality in Facebook and Twitter will be unaffected. Users who love Facebook games (or any web based games for that matter) will probably notice their farms fail to load, in which case making this change isn’t for you just yet, though I would recommend some real gaming instead 😉
To stay safe online, I’d recommend uninstalling Flash and seeking alternatives. You can then rest easy when the stories break regarding yet another Flash based vulnerability.