Flash Player Status
As you may be aware, there have been concerns this month over what have been headlined as ‘critical’ zero-day security flaws for Adobe Flash in the browser. We have seen an enormous amount of press coverage – some of which has been inflammatory and ‘Flash bashing’ for the sake of column inches – rather than addressing the reality.
This article takes a sober look at the facts from our perspective, seeks to reassure existing and prospective customers, and provide some insight into how Scrypt, Inc. is approaching the situation in a resolute and pragmatic fashion.
First, here’s some background to provide context.
Adobe Flash Player (formerly Macromedia Flash) has been used for creating vector graphics, animation, browser games, rich Internet applications, desktop applications, mobile applications and mobile games for over 15 years. Flash introduced ActionScript in the early 2000s to enable developers to produce interactive experiences and applications for the Web, that eventually came to be known as “Rich Internet Applications” (RIAs). Since then Flash has been a robust ‘industry-standard’ and universal approach to creating interactive user experiences with features like ‘drag and drop’.
Scrypt, Inc. originally selected the plug-in to provide a consistent rich experience that, unlike its decreed replacement (HTML5), worked on older browsers often found in industries such as healthcare. HTML5 is a core technology markup language. Apple’s then CEO, Steve Jobs, proclaimed in 2010 an open letter entitled ‘Thoughts on Flash’ that HTML5 would win but it has taken a further 5 years for HTML5 to become final and complete which happened in October 2014.
HTML5 was always the end game for us. With new support in the latest browsers (Chrome, Safari, Firefox and IE), HTML5 can finally offer a more consistent and attractive approach for enterprise-grade applications.
We currently use Flash in varying measures for Sfax, Scrypt and FaxAgent. Like all Internet technologies, Flash has continued to evolve to meet increased demands and sophistication of users while addressing the challenges of security, and patching any vulnerability discovered. Flash is far from the only plugin to experience negative press over the years and its maker, Adobe, has always re-grouped, fixed any known issues and the product has soldiered on.
Now to the present.
Earlier this month, Mozilla Firefox announced that it is temporarily disabling Flash by default until Adobe was able to address recent exploits discovered in the plugin. Google then followed suit with a similar announcement. Microsoft and Apple have not made any announcements although Apple blocks support for older versions of Flash over security issues.
Adobe was quick to react, and released a Flash Player update (version 18.104.22.168) on July 17, 2015 that fixed the identified vulnerabilities, and also added new low-level defenses that not only fixed two vulnerabilities that were being targeted by attackers, but added additional protections that will make entire classes of security flaws much harder to exploit in the future.
After completing our own risk assessments, we remain entirely confident with the Flash Player, provided users upgrade to the latest version, and that our products are as secure and compliant as ever. Based on our experience of building software for over 20 years, if any further issues arise, we know that Adobe will continue to update what has been a stalwart industry-standard player plug-in across the web.
However, security and compliance will always remain our primary concerns. Given recent events and the groundswell of desire from titans like Google to see its demise, we accept that the ‘writing is on the wall’ for Flash in the next 6-12 months.
Therefore, we have not wasted a moment. Knowing that HTML5 is now in a position to provide a solid basis for future development, we have accelerated company-wide initiatives to replace Flash with HTML5 across all our products. We will have to accept that by adopting HTML5 we can only support the latest browsers, but feel that this adjustment is a small sacrifice worth making for the peace of mind of our customers.
To reiterate, as of right now, provided you upgrade to the latest version of Flash there are no issues that should cause you concern.
Look out for more specific product announcements on the replacements of Flash in the very near future. We know how important our products are to your business and will work tirelessly to address this situation in a timely manner.