Mozilla Kills Flash On Firefox As Adobe Rushes Patch
It's another
nail in the coffin for Adobe's Flash platform as Mozilla disables it from
running on the company's Firefox Web browser.
Mozilla, the developer
behind Firefox, announced this week that it has disabled the ability of Adobe
Flash -- the ubiquitous multimedia and software platform used for Internet and
mobile apps, rich content, and animation -- from its Web browser.
Users can still re-activate
the feature by selecting the option in Firefox's settings menu, but from now on
Firefox's use of Flash has been automatically disabled.
"Some
websites use Adobe Flash to display content. However, attackers can also use
the security flaws in Flash to run malicious software on your computer and gain
access to your system," a Mozilla blog posted warned. "One way to
protect yourself is by disabling or removing Flash, but if your trusted
websites require Flash, you can change your plugin settings so that Flash runs
only when you click to activate it."
The
occurrence of Flash exploits has spiked this month, starting on July 6 and
continuing until July 9, according to a report from F-Secure.
Two
of the exploits, CVE-2015-5122
and CVE-2015-5123, have yet to be patched. They arose after the first two
exploits were successfully patched.
"There were already
speculations that there seem to be strong connections between the actors behind
the two exploits kits," a July 13 blog post from the company explained.
"For example, both have used 'fileless' delivery of payload and even
similar encryption methods."
After
suffering through the criticism all weekend, Adobe
published a July 14 blog post and
security bulletin to address these concerns.
Much
of this came to light on Friday, July 10, security firm FireEye's Hacking Team released details as to how the exploit
is triggered, noting a previous company leak had already resulted in the public
disclosure of two zero-day vulnerabilities earlier last week.
A representative from
social networking giant Facebook, a company known for its complaints about
Flash vulnerabilities, was quick to call for the platform's demise.
"It
is time for Adobe to announce the end-of-life date for Flash," Facebook's
security chief Alex Stamos tweeted on Sunday.
Complaints about the
vulnerability of Flash reach well into the past. Apple co-founder Steve Jobs
wrote an open letter on the topic in 2010, calling out the platform's safety
and mobile performance issues. The fact that Jobs called out the security
problems with Flash helped add legitimacy to the number of complaints that had
been building for years.
"Flash
was created during the PC era -- for PCs and mice," Jobs
wrote. "Flash is a successful business for Adobe, and we can
understand why they want to push it beyond PCs. But the mobile era is about low
power devices, touch interfaces and open web standards -- all areas where Flash
falls short."
Adobe lost a major
proponent of Flash earlier this year when Google announced that YouTube, its
ubiquitous video sharing Web site, would switch to HTML5 on all browsers,
including Chrome, Internet Explorer, Safari, and Firefox.
Complaints about the
platform extend beyond security concerns.
In
June, Google announced it would intelligently pause content (like Flash animations) that aren't
central to the Web page, while keeping central content playing without
interruption, in an effort to reduce the drain on battery life.


 
No comments:
Post a Comment