The technology industry finally agrees on one thing: Flash must die.
The fever pitch to bring the death of Adobe Flash is accelerating.
Following the high profile breach of the surveillance company Hacking Team, critical zero day bugs were discovered in Flash that allowed attackers to take over user’s machines to steal information or hold them for ransom.
In response to these critical bugs, Mozilla went to rather extraordinary efforts to block the Flash plugin from its Firefox browser. Adobe quickly released a patch (Flash version 220.127.116.11) and Mozilla’s blocklist page shows that the issue has been resolved.
After the Hacker Team Flash vulnerabilities became public over the weekend, Facebook’s chief security officer Alex Stamos called for the end of Flash once and for all.
Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.
— Alex Stamos (@alexstamos) July 12, 2015
Outside of the Firefox patch, Adobe has been relatively silent on the most recent maladies of Flash. Adobe has not announced an end-of-life cycle for Flash nor given any indication that it plans on doing so.
Flash has long been the dominant video and rich media plugin for the Web, to the chagrin of technologists and users alike. For users, Flash requires constant updates and does not work with most mobile browsers. On iPhones or iPads, it has never been supported as Apple founder and CEO Steve Jobs famously lambasted Flash for its lack of battery efficiency and security shortly before his death. Google would follow by ending support for Flash on Android in December 2011.
For its part, Microsoft has realized that the era of the video plugin for the Web is basically over. Microsoft has announced the end-of-life cycle for its Silverlight video plugin and has stated that it will not support Silverlight in the forthcoming Edge browser for Windows 10.
Security researcher Graham Cluley elaborates on what he believes Adobe should do with Flash:
If Adobe Flash is ever going to be kicked to the kerb (as it seems it should be) then a date clearly needs to be declared to drive the push to a Flash-free world. It’s not just important for browsers, of course, but also for companies whose websites and in-house applications might rely heavily on the technology.
The problem is that perhaps Adobe doesn’t feel happy acknowledging that securing Flash is beyond them, and so is unwilling to drop the product. The truth is that the company would probably gain a lot more respect from the internet community if it worked towards this ultimate fix for the Flash problem, rather than clinging on to the belief that it might be able to one day make Flash secure.
Bring Forth The Era Of HTML5 Video
One of the reasons the video plugins like Flash and Silverlight are no longer needed on the Web is due to the rise of HTML5 video standards. Microsoft Edge will take advantage of HTML5 video tools including DASH (Dynamic Adaptive Streaming over HTTP) from MPEG. Google has adopted a variety of HTML5 video standards for its Chrome browser such as V8 and V9 variants of WebM. Apple supports H.264 while Mozilla has long tried to push Theora as the standard HTML5 video standard on the Web.
The reason for the push by browser makers to adopt HTML5 and Web standards for video is because the various stacks offer much more flexibility and support than proprietary systems owned by the likes of Adobe, Microsoft and Apple (with Quicktime).
The major technology companies do not often agree with each other when it comes to technology standards and the direction of the industry. The quibbling over various versions of HTML5 video standards is distinct proof of that. But the one thing they can all agree on is that Flash must finally die so that HTML5 may rise.