Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Adobe Flash
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Security=== {{See also|Adobe Flash Player#Security|Browser security#Plugins and extensions}} For many years Adobe Flash Player's security record<ref>{{cite web|url=https://helpx.adobe.com/security.html#flashplayer|title=Security bulletins and advisories|access-date=March 27, 2010| archive-url= https://web.archive.org/web/20100406041941/http://www.adobe.com/support/security/| archive-date= April 6, 2010 | url-status= live}}</ref> has led many security experts to recommend against installing the player, or to block Flash content.<ref>{{cite news|url=http://news.cnet.com/8301-27080_3-10396326-245.html|work=[[ZDNet]]|title=Expert says Adobe Flash policy is risky|date=November 12, 2009|access-date=March 27, 2010|archive-date=April 26, 2011|archive-url=https://web.archive.org/web/20110426041823/http://news.cnet.com/8301-27080_3-10396326-245.html|url-status=dead}}</ref><ref>{{cite web|url=https://www.zdnet.com/article/protect-yourself-from-flash-attacks-in-internet-explorer/|title=Protect yourself from Flash attacks in Internet Explorer|website=[[ZDNet]]|date=September 9, 2012|access-date=July 7, 2013|quote=I recommend that you disable the Shockwave Flash add-on in IE completely|archive-date=June 19, 2013|archive-url=https://web.archive.org/web/20130619110939/http://www.zdnet.com/protect-yourself-from-flash-attacks-in-internet-explorer-7000003921/|url-status=live}}</ref> The [[United States Computer Emergency Readiness Team|US-CERT]] has recommended blocking Flash,<ref>{{cite web|url=https://www.us-cert.gov/publications/securing-your-web-browser|title=Securing Your Web Browser|access-date=March 27, 2010|archive-url=https://web.archive.org/web/20100326131333/http://www.us-cert.gov/reading_room/securing_browser/|archive-date=March 26, 2010|url-status=dead}}</ref> and security researcher [[Charlie Miller (security researcher)|Charlie Miller]] recommended "not to install Flash";<ref>{{cite web|url=http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/|title=Pwn2Own 2010: interview with Charlie Miller|date=March 1, 2010|access-date=March 27, 2010|archive-url=https://web.archive.org/web/20110424022058/http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/|archive-date=April 24, 2011|url-status=dead}}</ref> however, for people still using Flash, [[Intego]] recommended that users get trusted updates "only directly from the vendor that publishes them."<ref>{{cite web|title=How to Tell if Adobe Flash Player Update is Valid|url=http://www.intego.com/mac-security-blog/how-to-tell-if-adobe-flash-player-update-is-valid/|publisher=Intego|access-date=9 April 2013|date=March 8, 2013|archive-date=May 17, 2013|archive-url=https://web.archive.org/web/20130517010423/http://www.intego.com/mac-security-blog/how-to-tell-if-adobe-flash-player-update-is-valid/|url-status=live}}</ref> Adobe Flash Player has over 1078 [[Common Vulnerabilities and Exposures|CVE]] entries,<ref>{{cite web|url=http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53|title=Adobe Flash Player : CVE security vulnerabilities, versions and detailed reports|access-date=February 12, 2015|quote=291 total vulnerabilities|archive-date=March 7, 2015|archive-url=https://web.archive.org/web/20150307184945/http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53|url-status=live}}</ref> of which over 842 lead to [[arbitrary code execution]], and past vulnerabilities have enabled spying via web cameras.<ref>{{cite web|url=http://www.h-online.com/security/news/item/Adobe-remedies-webcam-spy-hole-in-Flash-1364631.html|title=Adobe remedies webcam spy hole in Flash|access-date=April 4, 2012|archive-date=June 3, 2012|archive-url=https://web.archive.org/web/20120603124549/http://www.h-online.com/security/news/item/Adobe-remedies-webcam-spy-hole-in-Flash-1364631.html|url-status=live}}</ref><ref>{{cite web|url=http://www.h-online.com/security/news/item/Flash-Player-as-a-spy-system-1073161.html|title=Flash Player as a spy system|access-date=April 4, 2012|archive-date=March 10, 2012|archive-url=https://web.archive.org/web/20120310071434/http://www.h-online.com/security/news/item/Flash-Player-as-a-spy-system-1073161.html|url-status=live}}</ref><ref name="FlashSettings">{{cite web |url=http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html |title=Adobe Flash Player Settings Manager |publisher=Adobe Systems |access-date=July 1, 2010 | archive-url= https://web.archive.org/web/20100620070041/http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html| archive-date= June 20, 2010 | url-status= live}}</ref><ref>{{cite web|url=http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html|title=Global Privacy Settings panel|publisher=Adobe Systems|access-date=April 4, 2012|archive-date=April 4, 2012|archive-url=https://web.archive.org/web/20120404054214/https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html|url-status=live}}</ref> Security experts have long predicted the demise of Flash, saying that with the rise of HTML5 "...the need for browser plugins such as Flash is diminishing".<ref>{{cite web|url=http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf|title=Sophos Security Threat Report 2013|publisher=Sophos|pages=11, 24|date=December 2012|access-date=May 9, 2010|archive-url=https://web.archive.org/web/20130203145927/https://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf|archive-date=February 3, 2013|url-status=dead}}</ref> Active moves by third parties to limit the risk began with [[Steve Jobs]] in 2010 saying that Apple would not allow Flash on the [[iPhone]], [[iPod Touch]], and [[iPad]] β citing abysmal security as one reason.<ref name="thoughtsFlash">{{Cite web |url=https://www.apple.com/hotnews/thoughts-on-flash/ |title=Thoughts on Flash |first=Steve |last=Jobs |publisher=Apple.com |date=April 29, 2010 |access-date=2012-06-18|archive-url=https://web.archive.org/web/20120612011820/http://www.apple.com/hotnews/thoughts-on-flash/|archive-date=2012-06-12|url-status=dead}}</ref> Flash often used the ability to dynamically change parts of the runtime on languages on OSX to improve their own performance, but caused general instability. In July 2015, a series of newly discovered vulnerabilities resulted in [[Facebook]]'s chief security officer, [[Alex Stamos]], issuing a call to Adobe to discontinue the software entirely<ref name="stamos">{{cite web|url=https://www.theverge.com/2015/7/13/8948459/adobe-flash-insecure-says-facebook-cso|title=Facebook's new chief security officer wants to set a date to kill Flash|first=James|last=Vincent|website=The Verge|date=July 13, 2015|access-date=July 14, 2015|archive-date=July 13, 2015|archive-url=https://web.archive.org/web/20150713193019/http://www.theverge.com/2015/7/13/8948459/adobe-flash-insecure-says-facebook-cso|url-status=live}}</ref> and the [[Mozilla Firefox]] web browser, [[Google Chrome]], and [[Safari (web browser)|Apple Safari]] to blacklist all earlier versions of Flash Player.<ref name=ars-flashblockfirefox>{{cite web|title=Firefox blacklists Flash player due to unpatched 0-day vulnerabilities|url=https://arstechnica.com/security/2015/07/firefox-blacklists-flash-player-due-to-unpatched-0-day-vulnerabilities/|website=Ars Technica|publisher=CondΓ© Nast|access-date=15 July 2015|date=July 14, 2015|archive-date=July 4, 2017|archive-url=https://web.archive.org/web/20170704095644/https://arstechnica.com/security/2015/07/firefox-blacklists-flash-player-due-to-unpatched-0-day-vulnerabilities/|url-status=live}}</ref><ref>{{cite web|title=Adobe Flash has been blocked because it's out of date|url=https://support.google.com/chrome/answer/6258784|website=Google Support|access-date=20 October 2015|archive-date=January 1, 2016|archive-url=https://web.archive.org/web/20160101081846/https://support.google.com/chrome/answer/6258784|url-status=live}}</ref><ref name=flashblocksafari>{{cite web|title=Apple blocks old, unsafe Adobe Flash plug-in versions in OS X Safari|url=https://appleinsider.com/articles/15/10/20/apple-blocks-older-adobe-flash-plug-in-versions-on-os-x|website=Apple Insider|date=October 20, 2015|access-date=24 October 2015|archive-date=July 24, 2020|archive-url=https://web.archive.org/web/20200724234016/https://appleinsider.com/articles/15/10/20/apple-blocks-older-adobe-flash-plug-in-versions-on-os-x|url-status=live}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Adobe Flash
(section)
Add topic
