Mozilla has blocked it completely and Facebook’s chief security officer has tweeted that it’s time to put it out to pasture – but why is everyone hating on Flash? Here’s why, and why you might want to think about limiting it too.
Well, firstly, because it’s notoriously attacked. Flash can often be found cooling its heels in the list of top 10 applications targeted by attackers, probably because it could legit use the Beach Boys’ “I Get Around” as its anthem – it’s on many a platform and browser, often running silently behind the scenes.
It’s also had repeated security problems – tech news website The Register has even dubbed it “the screen door through which the raw unfiltered sewage of the internet oozes into the homes of netizens”, which is excellent…unless you’re Adobe.
The company is aware that things need to change though, and insists that it’s taking more proactive steps toward our security: “Aside from generally hardening the code, and finding and addressing vulnerabilities internally, a key focus area has been the development of mitigation techniques that prevent entire classes of vulnerabilities from being exploited. The introduction of some of these mitigation techniques has been on the roadmap but is moving forward more quickly as a result of recent developments.” However, the number of bugs being spawned into the world of late would suggest otherwise.
Despite this, at least three vulnerabilities have been discovered in Flash over the last fortnight. All three should have been patched by now, so if you do run Flash, make sure that you’re updating your software. A number of these recent exploits are zero days (vulnerabilities that are exploited before the vendor realises it has a hole) from the Hacking Team leak.
Google has also recently made changes to how Chrome handles Flash, by “intelligently pausing any flash objects not central on the page”, a change designed more as a means to save battery life, and has also patched Flash in Chrome to the latest available version.
Uninstalling Flash for good is one option for protecting yourself, but another is to change your browser settings so that Flash will only run when you tell it to, rather than just in the background all the time (the stalker) – which is essentially what Mozilla is forcing now. Only activate Flash on sites you trust and, as always, keep an eye out for current security news (UKFast customers can sign up to our security newsletter in MyUKFast) and practise good security, peeps!