Retiring Adobe Flash Will Make the Web More Secure—Eventually

The news that Adobe had set an expiration date for the Flash media player was likely greeted in various ways at Web businesses around the world, depending on whether they had already migrated to more modern multimedia platforms.

In some IT departments, the word that Adobe will stop supporting Flash at the end of 2010 means more work to check how many corporate Websites and applications still depend on Flash and what needs to be done to update them to more modern players.

For the security staff, the end of Flash is very good news indeed. Flash, despite its many updates over the years, remains inherently insecure. The Flash player itself is a nearly irresistible target for hackers and it provides a wealth of entry points for malware of all sorts. Worse, Flash updates were easily spoofed, tricking end users into installing fake updates that contained malware.

RIP Flash

The size of the problem depended on what platform your organization supports. Users of Apple’s iOS, for example, should already know that their devices do not support Flash. Android, on the other hand, used to support Flash in versions 4.0 and below, but Flash support ended with Android version 4.1.

The problem is that a lot of malware attacks start with a browser pop-up that announces that the mobile device isn’t running Flash and then asks to install it. But since the device won’t support Flash, what actually gets installed is some kind of malware that happens to look just like the Flash installer you’d get from Adobe.

Something similar can happen to the Flash players in Windows and MacOS. Flash is supported in those environments, but these days it’s usually turned off. Just like on Android devices, you’ll see the prompt appear from a pop-up asking to install Flash from some unknown website. If you do, you will be installing malware unless you get the installation directly from Adobe.

But the threat doesn’t end there. Flash apps can make use of legitimate Flash players to install and run malware that can sometimes elude antivirus software. Of course, the Flash player itself was a favorite target for hackers because of its ubiquity and its ability to gain control of computer resources.

All of this means that the security staff will need to make sure that your organization’s computers, as well as devices that can access the company network, run frequently updated Flash players.

Or they can solve the whole Flash problem by not allowing Flash on any computer or device that’s able to connect to the company network.

Originally published on eWeek


Wayne Rash

Wayne Rash is senior correspondent for eWEEK and a writer with 30 years of experience. His career includes IT work for the US Air Force.
