Another major Flash security flaw was uncovered this week prompting Adobe to release an emergency patch. The exploit, along with the story behind its uncovering, is a perfect example of why it's time to abandon Flash once and for all.
It's time to let Flash fade into history
Like so many other Flash-based exploits, this one allows attackers to take control of your computer. Adobe quickly released a patch for the security issue, but not before details of how to take advantage of the flaw started circulating on the Internet.
The flaw was uncovered when Hacking Team's own data systems were breached and attackers made off with all kinds of data, including major Flash security flaws that hadn't been shared with Adobe or the public. Hacking Team is a company that sells hacking tools to government agencies around the world, some of which take advantage of weaknesses in the Flash platform.
The tools Hacking Team makes have allegedly been used by governments to spy on organizations they don't approve of or see as subversive. In other words, the company is holding back Flash exploits to use in the spying tools it sells to government agencies. Flash, it seems, is a weapon of choice in computer espionage.
It's no secret that Flash is a security nightmare. Adobe routinely releases updates to patch exploits that let attackers take control of victim's computers, including one rolled out only a couple weeks ago.
Flash has been losing popularity for years leading Adobe to drop its efforts to bring the platform to mobile devices. Apple stopped including Flash a part of the default OS X installer for Macs years ago, and Adobe even conceded that HTML5 was the new standard for multimedia delivery on the Internet.
The Internet's move away from Flash isn't slowing down, and issues like the Hacking Team data breach only help to underscore why the platform's best days are behind us. The Hacking Team incident is a clear reminder that companies and governments hold back Flash exploits so they can use them for espionage and profit at our expense.
At this point, Flash is a liability anywhere it's installed. If you don't need it, don't install it on your computer. If you do need it, ask yourself why, because it's possible there's an alternate solution available. If there isn't, then it's time for the companies giving you Flash-only services to change their content delivery systems.
On a side note, Hacking Team inadvertently gave a perfect example of why jailbreaking iPhones shouldn't be done on a whim: they also have spying tools designed to be installed on jailbroken iPhones.
If you absolutely must have Flash installed on your Mac, Windows PC, or Linux PC, make sure you're running the latest version. As of July 8, that's 184.108.40.206 for Mac and Windows, and 220.127.116.118 for Linux.
Adobe has a Web page listing all of the current Flash versions that also tells you which version is installed on your computer. The latest Flash player installer is available at Adobe's Get Flash Web page, too.