Home Time To Die: Let’s Resolve To Get Rid Of Flash Already

Time To Die: Let’s Resolve To Get Rid Of Flash Already

Adobe Flash, the standard that animated the early Web, is going the way of the dinosaurs—even YouTube has now transitioned to HTML 5. And its already battered reputation has taken further hits this year thanks to three serious security vulnerabilities that have emerged in just the past two weeks.

Enough is enough. It’s time for Web users to wean themselves of their lingering attachment to this buggy, outdated software … and uninstall Flash.

See also: ReadWriteWeb DeathWatch: Flash

True, not everyone’s going to be able to make the jump right away. Some internal corporate applications still require Flash; some websites still cling to it. But for your own safety, and for the good of the Web, you should make the effort.

Time To Say Goodbye

ReadWrite has cheered Flash’s impending doom since 2012. But no one makes the case better than the anonymous writers of the great Occupy Flash site, who write:

Flash Player is dead. Its time has passed. It’s buggy. It crashes a lot. It requires constant security updates. It doesn’t work on most mobile devices. It’s a fossil, left over from the era of closed standards and unilateral corporate control of Web technology. Websites that rely on Flash present a completely inconsistent (and often unusable) experience for fast-growing percentage of the users who don’t use a desktop browser. It introduces some scary security and privacy issues by way of Flash cookies.

They’re not kidding about Flash’s security vulnerabilities. The recent discoveries all involve so-called zero-day exploits, in which malicious hackers use or distribute tools that take advantage of previously undiscovered security flaws. 

The first two exploits were somewhat less serious, as they required users to click on malicious links in spammy emails or texts. Most people are smarter than that these days—we hope.

The third one, though—discovered by TrendMicro—uses a malicious advertising vector, and thus affected far more users. Basically, anyone visiting a high traffic website infected with malicious advertisements could find their system hacked.

The security firm Malwarebytes found the ads on dozens of mainstream sites, including dailymotion.com, theblaze.com,nydailynews.com, tagged.com, webmail.earthlink.net, mail.twc.com and myj.uno.com. These ads would then redirect users to a landing page for the exploit kit Hanjuan that would do the real dirty work.

Take The Flashless Challenge

If the idea of having your laptop infected just because you visited an otherwise innocuous website doesn’t appeal to you, it’s time to get rid of Flash if you can. (Yes, Adobe has patched that particular vulnerability—but have you installed the patch? Will you install the next one, and the next one after that?)

Here’s how.

To Uninstall Flash

You’ll need to download and run an uninstaller program. Adobe offers instructions for Windows and Macs

To Tame Flash If You Can’t Get Rid Of It

If you need Flash for work, or are addicted to DailyMotion, or can’t deal with Facebook and Amazon refreshing pages too slowly, another option is to use an extension like FlashBlock. This allows you to limit your Flash usage to the sites you select. While you’ll still be somewhat vulnerable if a popular site is infected with malicious advertising, it’ll lower your risk.

  • Firefox: Go to Tools->Add-ons->Plugins, where you can set Shockwave Flash to “ask to activate” (or “never activate”).
  • Chrome: Go to Preferences->Settings->Advanced Settings->Privacy->Content Settings->Plugins->Click to play (or block by demand)

If you’d prefer, you can use extensions such as Flashblock, available for Firefox and Chrome, or NoScript for Firefox.

It’s worth noting that Chrome’s sandbox provides some protection. No matter which browser you use, though, you’ll also want to install patches and updates as soon as they’re available. 

Lead image by ReadWrite

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.