Facebook’s chief security officer, Alex Stamos, echoed a message first delivered quite memorably by Steve Jobs in 2010: it’s time for Adobe to kill Flash. Addressing Apple’s position of not supporting the plug-in on iOS and instead pushing HTML5, security was just one key point in Jobs’ epic Thoughts on Flash essay when the iPad launched.
We also know first hand that Flash is the number one reason Macs crash. We have been working with Adobe to fix these problems, but they have persisted for several years now.
Five years later, our dependence on Flash has greatly diminished on the desktop, but security issues continue to be an issue with the plug-in. In 2010, Jobs used more than 1600 words to explain Apple’s reason for not adding Flash support to iOS. In 2015, Facebook’s security chief pushed the message in less than 140 characters:
“It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day,” Stamos tweeted. The CSO added that even if the end-of-life date is a year and a half from now, it’s needed to “disentangle the dependencies and upgrade the whole ecosystem at once.”Security remains a key issue for Flash as just last month Adobe had to address a bug that allowed hackers to takeover systems through a vulnerability in the plug-in. For Apple’s part, the company stopped pre-installing Flash on its Macs in 2010. This allows users to decide whether or not to run Flash while ensuring the latest version is installed when used. Similarly, Apple has blocked support for older versions of Flash to address security concerns.
Apple’s history with Flash has a few interesting turns as well with Adobe’s former CTO Kevin Lynch, whose previous role meant defending Flash against Apple, now running Apple Watch’s watchOS development… and no, Flash isn’t supported, but there is this cringeworthy video from that whole era:
H/T BI
FTC: We use income earning auto affiliate links. More.
Web developers and companies has to make Flash useless.
If a site has a Flash video player… What can Adobe do?
The owner of the site has to change it to HTML5.
Adobe should keep taking care of ‘vulnerabilities’ but —as Apple did— web developers and companies should stop using Flash!
“Adobe should keep taking care of ‘vulnerabilities’ but —as Apple did— web developers and companies should stop using Flash!”
This is the thing web developers and companies won’t stop using Flash! It’s going to be up to Adobe to announce an EOL date and for browser makers to block Flash after this date. The massive reduction in traffic that will occur to websites that rely upon Flash should then be enough to convince them to redevelop their website with HTML 5 solutions assuming they haven’t already by the time the EOL date comes around.
/rant
I totally agree with you – Adobe must EOL this piece of dreck!
But – as other have said – so many sites insist on using it. IF Adobe would EOL it – these sites would have to get on board or fall by the wayside!
I Hate Flash – but, at least in today’s web, it’s a necessary evil. Even my bank’s web site uses flash. Secure . . . . Hardly!
I agree with Luis. I think we need more helpful tips about how to go Flash free. Is there a list of top sites that don’t require flash? How about a list of sites that do so users can contact them for a flash free version.
The first time is to take the first step. Uninstall Flash on your system. When you come to a site that requires it, contact them about it. You can always access that site/page with Chrome which has built-in support for Flash in the meantime.
Then take a moment and write to Google and ask them to remove Flash from Chrome.
The problem with that is that Chrome is terribly memory and battery inefficient. I’ve stopped using Chrome in favor of Safari. It’s faster and better with memory and battery. As for Flash, Safari is pretty good at blocking most Flash things with Safari Power Mode (or whatever it’s power management feature is called)
It’s quite simple. You uninstall Flash completely. You then enable developer mode in Safari (preferences/advanced/select show develop in menu bar. When you visit a site that uses Flash, go/ develop/user agent/safari iOS iPad. Site will reload and force it to load content in its alternate mode, non Flash. Then the webmaster will see the number of people visiting the site using mobile browsers and hopefully get the hint.
Working for Apple I can tell you that Flash was never the number one reason why Macs crashed lol.
If you were working for Apple wouldn’t it be against the rules to post such insider information?
Insider information….lol. Must defend Apple!
So you know more about this than Steve fucking Jobs? I somehow doubt it, and “working for Apple” can mean something as simple as working in an Apple Store. Plus I’m pretty sure you’d be NDA’d up the ass with that kind of information if you genuinely knew it.
Listen take any laptop (Windows or OS X), load any flash site, pause the video if that is what you are doing. Listen closely as the fans spin up. After about 30 minutes, quit the browsers and listen to the fans stop. On pause Flash uses more CPU than a video encoder does! Also it leaks memory. Doesn’t match Java’s memory leaks but it leaks.
Yes, the number one reason Macs crashed was Adobe software in general. Not just Flash.
Yes, I always believe tech advice from people who end their sentences with “lol”.
Adobe takes forever with most of this stuff though, to be brutally honest. El Capitan is coming out soon and they still haven’t implemented Lion’s full screen app functionality. All of their software feels aesthetically old on Mac OS X.
They never will. They don’t want to rely on OS level API’s for things like that. Why do you think the UI is so god awful and looks nothing like a Mac (or Windows) app any more? They use their own shitty interface that’s somewhere in between or some abomination of UI/UX design (don’t get me started on the dreck that’s known as Acrobat DC).
I can understand them not wanting to support the full screen etc as they have to maintain two platforms with a single codebase, but they really should start making use of what each platform has to offer. At least they seem to be doing this with Metal. It’ll be rather hilarious when they get this up and running and it runs circles around the other options (CUDA and OpenCL) and Macs yet again have a genuine performance edge over Windows as in the PowerPC days.
Think it’s also because of the palettes. Many people use a seperate window for palettes and making Adobe apps support full screen, would mean trouble for those palettes if you go full screen, not full-screen back and 4th.
I haven’t had Flash installed on my desktops for years. It’s always sucked – very happy it’s never been supported in iOS.
BUT…
As long as Adobe continues to make money from Flash they’ll continue to develop and push it. It’s naive or simply disingenuous to prompt or expect Adobe to set an EOL date for Flash, let alone to coordinate removing browser support.
Instead, companies like Facebook should “put their money where their mouths are” and stop using Flash. Facebook started supporting HTML5 video on the desktop just within the past two months FFS! Seriously.
This kind of admonition of Adobe coming from someone at Facebook is beyond rich, it’s positively ludicrous, considering Facebook’s whole forward facing component of their platform is a bad joke, designed for 1999, rather than 2019. FB, look forward and offer us tomorrow’s trends today. Until your platform grows up from a 90’s message wall, you really shouldn’t be telling industry pioneers and heavyweights what to do.
Facebook needs Flash so they can blame Flash for garhering all that info about you ‘by mistake’.
Facebook have stopped using Flash support for videos already.
Adobe could have made more money from Fireworks than Flash, but they canceled development on that app while Flash continues to drag on.
Flash is a performance hog and an never ending security hole, bin it.
If Apple is all about dropping legacy stuff, they could well somehow remove/block support for Flash in El Capitain. They did it for usb-a and (unfortunately) for MagSafe, now it’s time they started doing it for software too…
Too soon for that. Lots of people still need flash for work. People who work in the app business (not mobile), who also need to work with Java, etc… they still need flash.
Apple doesn’t completely block flash especially for this reason.
People who work in the “app business” should go back to college and learn how to code like real developers do and not rely on Adobe software as their only means of creating content. BTW, tell us what kind of apps you write for flash?
os X doesn’t come with flash, and you only install it if you want.
Flash is teghnology that was invented in Middle Ages. It is so slow, power hungry, vulnerable to hacks, etc.
Every time the Adobe Flash plug-in starts on my Mac, I hear an Airbus A380’s engines start… Only thing is, there’s no airport near my home…
OH YES PEOPLE! It was my Macbook’s fans running full throttle. My battery life started melting away like ice in front of the sun… oh no wait… that’s way too slow…
More like: like ice ON the sun’s surface.
The day Flash is dead, people will celebrate, there will be a new era called ‘post flash era’ just like we have the Middle Ages, Renaissance, etc.
After Flash, we just need to get rid of Facebook next. More security followed by more privacy. Win-win!
It’s Adobe’s fault, they never update the plug-in to address security and cpu usage concerns, it they had made it a priority none of this would have gained momentum. Not only that, my poor laptop fan goes into hurricane mode when ever it encounters flash.
Except in some instances, HTML5 is less secure than Flash. More broadly the difference in security is likely a wash with neither being particularly safe. The primary reason Jobs wanted to switch to HTML5 was because he didn’t want to pay royalties to Adobe.
If that’s what you want to believe, then you may either be fooling yourself, or ignore the facts about this.
We respect your opinion, but don’t agree with it.
Jobs didn’t block Flash b/c of security concerns alone. He also blocked it out of energy concerns. Energy concerns that HTML5 mitigates to a large degree.
We? LOL I am sorry Mr. president.
It takes someone very naive to think a big CEO acts for the kindness of us all without thinking on his company’s interests.
How is HTML5 less secure than Flash. The pure fact that HTML5 has no access to your local files is a big win over Flash. Your fantasy about royalties makes now sense as it would have been Adobe that would have to pay to get Flash on iOS. And they tried and failed over and over. They could not meet a single power saving milestone. It all stems from the fact that Adobe was not going to break older Flash files. Hell I wouldn’t be shocked if Flash could still play Swish files.
Yeah, I’m calling BS on your little fairytale there Mr voys. Pre tell, what “royalties” do you speak of? How were they calculated? On what content were they paid? Seriously, you sprout such garbage and expect people to swallow it? No. Show us where HTML5 is less secure than flash? I’d love to see your evidence to support such BS. This place is resembling a cow paddock with all the crap being dropped by idiots.
That video was amazing! So funny he’s now working at Apple, and is kind of the public face for watchOS.
I didn’t install flash on my Mac for a very loan time, but due to some websites insisting in using it I had to install it. Since then, my 32GB iMac has huge memory leak and performance problems.
It’s about time to pull the switch.
My resolution is that if a site requires Flash, I’ll just ignore it.
Two technologies I don’t use at all, Flash and Java. Both became useless within its own stupidity.
But Apple is not totally innocent since I can easily watch every video without flash on Google Chrome but can’t watch the same video by Safari without flash: When I don’t update flash, Safari stops showing any movie and tell me to update flash player but Chrome continues showing the same movie in the same website without me have to update flash! Actually I shifted to Chrome just for this reason. Or should I change anything in Safari setup?
Are you aware Chrome is not as Firefox or Safari, in the sense that these two need this plugin installed in the system to display Flash content, while Chrome has it’s own Flash engine inbuilt, independent of the OS and auto-updated.
So probably when you think you are seeing something on Chrome on HTML5 you might be actually using Flash with their inbuilt engine.
But how come its inbuilt flash, never get update?
You just enable develop mode in Safari and change the user agent to Safari iOS/iPad. Forces websites to load all content, flash free. Its a well known tip for smart people.
Theres a simple tip within Safari to force web content to load without flash. You should learn it.