Enhancing the Security of Adobe Flash

Adobe's Flash player has had its share of security issues, so much so that some users have refused to install it. Here's a technique that will allow you to keep Flash installed, but allow it to run only under your control. It's called ClicktoFlash, and it'll speed up your Safari browsing too.

When you visit a Website that uses Flash, the site sends a request to the Flash Player on your Mac to activate. There may be multiple Flash sources on a page, in addition to the one you're interested in -- perhaps some ads as well. Some may not be easy to see, but they'll still chew up your CPU and pose possible security risks.

Adobe's Flash player, located in /Library/Internet Plug-Ins/, then springs into action to render the videos. A significant problem is that Adobe doesn't supply an auto-updater for the Flash Player, and it isn't folded into Mac OS X's Software Update. As a result, many users are left perusing the Internet with, possibly, an older and vulnerable version of Flash, and they don't even know it.

So far, the only solutions have been to either remove the Flash Player or keep a sharp eye out for the latest version and stay on top of the updates.

This page shows you the latest version of Flash Player.

This page shows you the version you have installed.
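Because nothing updates the plug-in automatically, the installed version has to be checked by hand. The following is an added example, not code from this article or from any product it mentions: a Python sketch that lists the plug-in bundles in the system and per-user Internet Plug-Ins folders and flags a Flash bundle older than a baseline you supply. It assumes the standard Mac OS X bundle layout (Contents/Info.plist with CFBundleShortVersionString or CFBundleVersion); the function names are hypothetical.

```python
import plistlib
from pathlib import Path

# System-wide and per-user plug-in folders, as named in the article.
PLUGIN_DIRS = [Path("/Library/Internet Plug-Ins"),
               Path.home() / "Library/Internet Plug-Ins"]

def parse_version(text):
    """Turn '10.0.1.1' or '10,0,1,1' into a comparable tuple of ints."""
    parts = text.replace(",", ".").split(".")
    return tuple(int(p) for p in parts if p.strip().isdigit())

def inventory(dirs=PLUGIN_DIRS):
    """Return [(bundle_name, identifier, version)] for each bundle found."""
    found = []
    for d in dirs:
        if not d.is_dir():
            continue
        for bundle in sorted(d.iterdir()):
            plist = bundle / "Contents" / "Info.plist"
            if not plist.is_file():
                continue
            try:
                with plist.open("rb") as fh:
                    info = plistlib.load(fh)  # handles XML and binary plists
            except Exception:
                found.append((bundle.name, "", "unreadable"))
                continue
            version = (info.get("CFBundleShortVersionString")
                       or info.get("CFBundleVersion", "unknown"))
            found.append((bundle.name, info.get("CFBundleIdentifier", ""),
                          str(version)))
    return found

def outdated(dirs, baseline, name_match="flash"):
    """Matching plug-ins below `baseline`; unparsable versions count as stale."""
    base = parse_version(baseline)
    stale = []
    for name, _ident, version in inventory(dirs):
        if name_match in name.lower():
            v = parse_version(version)
            if not v or v < base:
                stale.append((name, version))
    return stale

if __name__ == "__main__":
    for row in inventory():
        print(*row, sep="\t")
```

Pass the current version number from Adobe's page as the baseline argument to outdated(); the script contains no version numbers of its own.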

ClicktoFlash to the Rescue

Fortunately, there is a handy plug-in called ClicktoFlash from the Red Shed Software Company. It intercepts the request to the Flash Player and inserts a graphic, like the ones below, on a Web page that has Flash content.


Click to play the content or click the gear for options

Note: This utility will work only with Safari 3 or later, and Safari 4 is highly recommended. ClicktoFlash, by the way, inserts a .webplugin file into /Users/username/Library/Internet Plug-Ins. That's all it does, and it's easy to uninstall if you need to.


A .webplugin file is installed.

From now on, whenever you visit a page that has Flash content, you can selectively choose which Flash item you want to play -- just click it. Ads and other content you're not interested in won't be executed. This will also speed up your browsing.

Note the gear in the upper left corner of the Flash content. That controls all your options, including an option to uninstall. The first popup shows immediate options.


Gear popup for options

The bottom item, ClicktoFlash Settings..., brings up a page of preferences.



ClicktoFlash has a lot going for it. It's easy to install or uninstall. It's trivial to use in practice. It's in constant development, and you can have it check for updates. You can whitelist entire sites that you trust. Your Mac will spend less time executing Flash code, and Safari will seem snappier.

Note that this plugin only works for Apple's Safari. If you want equivalent functionality for, say, Firefox or Camino, you can use a product called Flashblock. ClicktoFlash is free, but the developer requests a modest donation of US$6 to support development. I've sent him my donation.

Here's an additional note from the developer on the "invisible" Flash setting.


Thanks to TMO reader Sir Harry Flashman for the tip on this very handy plugin.