Adobe Flash doesn’t exactly have the best reputation when it comes to security. The platform has been on the way out for years, and if Facebook’s new chief security officer had his way, he’d put the dying platform out of its misery sooner rather than later.
In a recent post on Twitter, Alex Stamos said it was time for Adobe to announce the end-of-life date for Flash and to ask browser makers to set killbits on the same day. He added that even if it is 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.
“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.” — Alex Stamos (@alexstamos), July 12, 2015
A previously unknown Flash vulnerability surfaced last week following the high-profile hack of Hacking Team earlier this month. Adobe patched it pretty quickly, yet since that time two additional flaws have emerged, and it’s entirely possible that more vulnerabilities could surface from the Hacking Team dump.
The newest vulnerabilities, labeled CVE-2015-5122 and CVE-2015-5123, affect Flash on Windows, Mac and Linux. Adobe said it plans to issue patches for these critical flaws sometime this week.
Flash has been around for what seems like ages and was widely used on the web during the 2000s. The platform also played a key role in the early debate between Android and iOS. Proponents of Google’s mobile operating system pointed to its ability to display Flash-based content as a major advantage over Apple’s mobile OS.
Apple co-founder Steve Jobs wasn’t a fan of Flash, to say the least, noting the platform was created during the PC era for PCs and mice. In 2010, Jobs predicted that new open standards created for the mobile era, like HTML5, would eventually win on mobile devices and suggested Adobe start creating great HTML5 tools for the future instead of criticizing Apple for leaving the past behind.
Adobe announced in mid-2012 that it would no longer release Flash builds for Android.
Many security experts recommend removing Flash completely until the latest vulnerabilities have been patched or, at the very least, enabling the “click to play” option in your browser so you control what Flash content does and doesn’t play.