Facebook’s newly-appointed security chief Alex Stamos has said on Twitter that it is time for Adobe to announce when Flash would be killed off, and for browsers to assist by dropping support at the same time (via HotForSecurity). He further said in another tweet that Adobe’s death date didn’t have to be today or tomorrow, “but a date had to be set in stone for systems to be made more secure”.
“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.”
“Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once.”
While announcing a date when Flash would finally be discontinued is not just important for browsers, but also for companies whose websites and in-house applications might rely heavily on the technology, the security blog notes that the real problem is that Adobe doesn’t feel happy acknowledging that securing Flash is beyond them, which is why it isn’t willing to drop the product yet.
“The truth is that the company would probably gain a lot more respect from the internet community if it worked towards this ultimate fix for the Flash problem, rather than clinging on to the belief that it might be able to one day make Flash secure”.
Whether Adobe acknowledges this or not, it is however common knowledge that Flash has been frequently targeted by online criminals who exploit flaws in the software to infect innocent people’s computers.
More than five years ago, late Apple CEO Steve Jobs famously penned an open letter sharing his thoughts on Adobe’s Flash and how it was a poor standard. YouTube earlier this year dumped Flash for HTML5. Looks like all this time, Jobs was right.