Firefox blacklists Flash player due to unpatched 0-day vulnerabilities
Also, Facebook calls for Flash end-of-life, so that we can "upgrade the whole ecosystem."
Meanwhile, over at Facebook, the company's new chief security officer called for Adobe to "announce an end-of-life date for Flash," so that we can finally "disentangle the dependencies and upgrade the whole ecosystem."
And if two Web giants weren't enough, Google recently announced that the next stable version of Chrome would "intelligently" block auto-playing Flash elements.
Adobe has been scrambling to fix a number of Flash vulnerabilities since they were first exposed by the massive leak of Hacking Team internal documents last week. One of the zero-days was patched quite quickly, but two further zero-days that were publicised on July 10 went unfixed for three days. With hundreds of millions of Firefox users vulnerable, Mozilla boldly decided to blacklist the current version of Flash.
If you're a Firefox user and Flash is still blocked, you'll need to manually update to 18.0.0.209 or newer from the Adobe website. Make sure you deselect the McAfee checkbox.
Adobe needs to be careful. Antipathy for Flash has reached the point where even some of the largest Web service providers wouldn't be too fazed if it faded ignominiously into the shadows. As HTML5 and other open Web technologies continue to mature, there's less and less reason to use Flash. How many more zero-day vulnerabilities can Adobe withstand?
This post originated on Ars Technica UK
No comments:
Post a Comment