Flash provides rich multimedia experience developed by Adobe in 1996. Since it’s inception it has been widely adopted for creating interactive web interfaces, games, videos and animations. With it’s wide spread adoption it has been frequently targeted by hackers and for the last few years it has been in the headlines for wrong reasons. Flash vulnerability is on the rise and there has been a lot of concern raised by the tech industry regarding it’s future and the steps adobe needs to take.
In the past couple years one might have heard multiple times that “Flash is Dead” only to find out no it’s not. Yes HTML 5 can accomplish a lot and more of what Flash can do but the reality is the organizations who built major application on Flash won’t simply go away any time soon. When iPhone was launched it took first steps to raise awareness regarding security concerns about the Flash plugin when it didn’t support Flash at all on the Safari browser. This was a hot topic at that time and numerous efforts were made to convince Apple to enable Flash support. Fast forward today the 4 main browsers i.e. Chrome, Firefox, Safari and Edge all disable Flash by default. However the main stream browsers are still leaving the option for the user to enable Flash plugin as needed.
Flash has a long history of critical security updates and patches, only to find more issues surface. The most common flash vulnerabilities include executable code, denial-of-service, overflow and Cross-Site Scripting. Due to the severity of the issues many technology experts have encouraged the users to disable Flash completely and look for alternatives. The site CVE explains flash vulnerabilities in detail. The below chart taken from CVE clearly shows the flash vulnerabilities are on the rise and it is well and alive today.
The last two years have been the worst for the Flash plugin and is really pointing out the the huge risk that a typical user is exposed to. My personal recommendation is to stay away from Flash completely and I hope in near future the browsers drop Flash support completely. This is the only way I can see organizations looking for other technologies and port their Flash applications as soon as possible.