【Flash将死?安全问题所致】作为曾经最重要的视频广告播放途径,Adobe Flash在2015年呈现出不可逆转的颓势,《卫报》评论称这是由于其多次曝出安全问题导致的,其中最近的一次是12月15日出现漏洞导致黑客可以利用邮件安装恶意安装软件。

2015 was the year that Adobe's Flash finally began to die

by Samuel Gibbs


Deaths are rarely to be celebrated, but there is one passing that certainly won’t be widely mourned: that of Adobe’s Flash.
2015 was the year the bug ridden security flaw finally went into terminal decline. Once the darling of the new interactive web (we’re talking in the late 1990s), enabling video, web apps and fancy ads, Flash has become bloated and dangerous, loved only by hackers on the open web.
As web browsers and operating systems have become more secure, Flash has stuck out like a sore thumb. It’s more of a liability than ever, accounting for a considerable amount of the malware attacks website visitors are subjected to. Even repressive regimes consider Flash a primary tool to let them access individuals’ computers.
So-called drive-by attacks, which allow hackers to take over computers when users simply view a site, often use vulnerabilities in Flash. The plugin just can’t be trusted anymore.
At the same time improved web-native technology, in the form of HTML5 and WebGL, has meant most of the common applications for Flash seen on the open web can be done without it. YouTube, Twitch, Facebook, Google’s Chrome, Firefox and Amazon have all migrated away from it. Some actively block it.
Even advertisers, who have been slow to move away from Flash, have started dumping the plugin. While 100m Flash ads were displayed year-on-year ending June 2015, that number is widely expected to be significantly lower by next year as browsers such as Chrome, used by over 57% of the desktop-using world according to data from Statcounter, begin blocking certain Flash elements by default.
It took until December this year, but even Adobe has now started to distance itself from its own product.
Over the past few years the company – which inherited Flash as part of its purchase of web software developer Macromedia in 2005 – has been working to support both HTML5 and animation framework WebGL within its Flash animation tools. Having noticed that more than a third of the content created within Flash Professional was actually HTML5, the company decided to dump Flash from the name entirely and call it Adobe Animate CC. It is still supported, but when the name Flash is so toxic it’s dragging products down, the writing is on the wall.
There are, however, still some reasons for Flash to exist. Software-as-a-service systems – those used by companies to manage employee history, claimbacks and budgets – often rely on Flash to power web apps running in browsers. Native apps running on the desktop could do the job just as well but most businesses are unlikely to rush to change. (Those systems are also part of the reason Internet Explorer 6 continues to exist, but that’s a story for another day.)
So Flash may live on in the captive environment of company intranets for a while yet, but its life in the wilds of the open web finally seems to be coming to an end.
Mobile devices have been Flash-free for years and they work better than most desktops. That speedy, more secure experience will increasingly come to desktops too. RIP Flash, we won’t miss you.
Yet again, Adobe’s Flash plugin has been hit by a “zero-day” exploit, meaning that even users with a fully up-to-date installation of the software are vulnerable to attacks.
Hackers exploiting the vulnerability can install software on users’ computers against their will, and at least one group is doing just that, according to security researchers at Trend Micro.
The hacking campaign began with phishing emails sent out using subject lines such as “Syrian troops make gains as Putin defends air strikes” and “Israel launches airstrikes on targets in Gaza”. Those emails contain links to websites hosting the exploit, and so when a user with flash installed clicks on the link, the malware is installed on their computer.
The vulnerability is just the latest in a long string of weaknesses from Flash. In July, the company was forced to issue an urgent patch after another zero day vulnerability came to light following the hack of hackers-for-hire Hacking Team; and in June, Adobe barely beat the bad guys to the punch, issuing a patch for another critical weakness just days before it began being exploited by hackers in the wild.
As a result, the news has led to renewed calls for users to uninstall Flash.




Comments are closed.