Flash Player’s turn on the chopping block can’t come soon enough
I do enjoy being able to kick back with a cup of coffee while listening to Wynton Marsalis’ Premature Autopsies on a Sunday morning. ”Though we are told to mourn it, we must know that it was a noble sound. It had majesty. Yes, it was majestic.” Beautiful composition.
My thoughts turn to the decidedly ignoble Flash. No, not Barry Allen. Rather, the multimedia software that sports the same moniker. This is a software offering that has been seen as a bane of security practitioners’ existence for years. It was pervasive, to say the least.
Flash may have been seen as a majestic beast by web developers, but it held numerous security issues beneath the shiny veneer. These days, the media player can be found in common usage on just over 5% of the websites online today – and that number is declining.
Flash first made its debut in the early 90s as SmartSketch, from a company that was called FutureWave Software.
In 1995 the devs re-released the product as FutureSplash Animator, before the company was acquired by Macromedia in December 1996 and renamed as Macromedia Flash.
Macromedia was itself bought by Adobe Systems in 2005, in a move that saw Flash change ownership for the final time.Play it out
I’ll freely admit it, there have been many moments where I looked at something that was rendered with Flash and thought, “Oh that’s neat,” but they were fleeting.
There are a raft of security issues for the venerable software package that have led to no end of headaches for defenders and regular computer users alike. Case in point: a quick cursory search for Flash-related vulnerabilities generated over 1,000 published CVEs.
It got so bad at one point that I created a tongue-in-cheek template for creating your own Flash-related advisory.
It is certainly good news to see that Adobe Flash Player is on the chopping block for 2020, but all things being equal, I would rather that date would be far sooner.
Now the security of externally facing sites is slowly but surely being addressed, as evidenced with the precipitous drop in the number of sites running Flash.
While this is good news, I’m somewhat more concerned with the wide swath of time tracking systems, internal portals, and learning management systems that still heavily rely on this software.
In turn, this means that employees at many companies around the world are obliged to have Flash installed on their systems in order to do their jobs.
This is where I grow evermore concerned that this problem will continue well beyond the 2020 end of life date for Flash. Hopefully there will now be a concerted push towards HTML5.
While we embrace the impending doom of Flash, we have to keep in mind that this could well linger long beyond what we hope is the end.