It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
James Vincent explains:
Last week, a 400GB cache of files stolen from spyware company Hacking Team revealed a major vulnerability in Flash that allowed hackers to execute malicious code on a target’s machine via a website. Although Adobe quickly issued a patch to fix the problem, Hacking Team’s internal memos describe the flaw as “the most beautiful Flash bug for the last four years,” suggesting it had been known about — and used — for some time previously. This is far from an isolated incident: two additional vulnerabilities for Flash were found in the same 400GB trove in the following days, and earlier this year, Adobe was forced to release emergency security updates in both February and January.
This seemingly unending list of vulnerabilities is why individuals like Stamos have turned against Flash, but the industry’s ire against the software is nothing new. In 2010, Apple CEO Steve Jobs famously penned an open letter called “Thoughts on Flash,” explaining why the company would not allow Adobe’s software on its devices. He cited issues with performance, battery life, and security as major problems, noting that Flash had “one of the worst security records in 2009.” So far, 2015 isn’t shaping up to be a good year for the software either.
Jobs was right in 2009, and Stamos is right today.
Flash borders on malware, and it’s just too old, big, and buggy to fix.
Kill it now.