It hasn’t been a good week for Adobe. In the wake of the Hacking Team hacks that leaked 400GB of data belonging to the secretive company earlier this month, multiple 0-day exploits surrounding Java and Flash have been shared with the online community. Adobe reacted quickly and addressed the first set of problems, but a second wave of flaws was discovered soon after including another pair of 0-day exploits.
This was the straw that broke the camel’s back in the tech community. Firefox’s Chief Security Officer, Alex Stamos, has already blacklisted Adobe Flash Player and is asking for a firm “end of life” date from Adobe. Stamos made his thoughts known via Twitter when he Tweeted “It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
Flash has already been on life support. Both Chrome and Firefox have already moved on to HTML5 but Internet Explorer 11 still uses the Flash Player by default on YouTube. There are other services and ads that still rely on Adobe Flash, but that number has been steadily declining over the last few months.The recently discovered 0-day attacks have been severe and at least one of the attacks were severe enough to breach the sandbox Google had built around the Chrome browser. Full details on that attack were published by the security research firm Cybereason last week.
The underlying threats to services like Flash (and Java) make it a smart move to go ahead and deactivate the product before it can do any serious damage. Adobe has yet to respond to requests from the tech world to set a firm phase-out date, but it’s just past time. In the meantime, this may cause some problems with websites that trade primarily in flash titles, but it’s time for everyone to move to more secure solutions.
What do you think? Are you in agreement with Firefox and Stamos that it’s time to put Adobe Flash down?