Adobe Flash became the latest internet technology to reach end-of-life on 31st December 2020, and has a built-in kill switch on 12th January 2021. From Adobe’s announcement:
Since Adobe will no longer be supporting Flash Player after December 31, 2020 and Adobe will block Flash content from running in Flash Player beginning January 12, 2021, Adobe strongly recommends all users immediately uninstall Flash Player to help protect their systems.
Flash was used in the early days of the internet to provide interactive graphics and applications, and later as a mechanism for distributing ads, viruses, and malware, but its popularity for writing games gave it the biggest use case on the internet over the last couple of decades, in part because its vector graphics format made creating portable games easy, without having to worry about whatever the latest incompatible graphics drivers were for various operating systems. It also reached popularity by being able to play MPEG4 and H264 videos in a portable way without being constrained by the browser’s own expected video formats.
Flash started out life as a vector graphics editing tool under a company called FutureWave, and subsequently added animation tools to create FutureSplash Animator. When they were acquired by Macromedia in 1996 – by which time Java had reached version 1.0 – they compressed the name of FutureSplash down to Flash and rebadged it as Macromedia Flash. It was an editor for creating animations, but more importantly, a lightweight player called Macromedia Flash Player that was able to be downloaded and run as a plug-in to web browsers at the time.
By 2005, Flash was the dominant format for interactive sites; a ZDNet article claimed that because of its bundling in operating systems “more than 98% of computers connected to the web have flash installed”. It was later acquired by Adobe and published as Adobe Flash Player, along with the suite of tools for programming and creating interactive sites.
As the standardisation of HTML5 and supported media formats grew, the advantages of Flash for providing video declined, until it was primarily used for interactive games and some interactive applications. However, Flash suffered from the same issues that had meant the JVM didn’t take off in browsers a decade earlier; constant updates for security vulnerabilities meant that Adobe Flash was the primary cause of CVEs in web browsers and infections. To be fair to both Flash and the JVM; downloading programs from the internet is always going to be a vector for vulnerabilities, and the security of a remote system is always going to be as good or bad as the implementation – and as the complexity of those runtimes grew, particularly in unmanaged languages like C++ – the danger was real. Even today, bugs in image rendering pipelines or font decoding are the primary cause of vulnerabilities in browsers.
Flash’s demise started with Steve Jobs’ post “Thoughts on Flash” (web archive link), who had recently launched the iPhone in 2007 with ‘always on’ internet connectivity. (Back then, all devices that had internet capability were dial-up; you had to explicitly choose to go online and then disconnect afterwards.) The main complaint was that Flash wasn’t an open standard (unlike H264 video, which was standardised if not free) but that the practical issues of security, performance, battery and touch weren’t well suited for Flash on touchscreen devices like the iPhone.
At the time, many viewed Flash’s exclusion from iOS as not being able to experience “the full web” although they note that native games on iOS were available from the App Store. Competing device manufacturers were keen to point out that they supported Flash – although when Android 4.1 (“Jelly Bean”) was released, it no longer supported Flash by default and is only available up to Android 4.3.
Over the last decade, Flash became a shadow of its former self, and in 2017 Adobe announced the end-of-life of Adobe Flash for 31st December 2020. While the last year has not been what many of us expected, perhaps we can be grateful that a once ubiquitous technology that had become the plaything of advertisers and criminals alike has been finally laid to rest.
Is your business effected by Cyber Crime?
If a cyber crime or cyber attack happens to you, you need to respond quickly. Cyber crime in its several formats such as online identity theft, financial fraud, stalking, bullying, hacking, e-mail fraud, email spoofing, invoice fraud, email scams, banking scam, CEO fraud. Cyber fraud can lead to major disruption and financial disasters. Contact Digitpol’s hotlines or respond to us online.
Digitpol’s Cyber Crime Investigation Unit provides investigative support to victims of cyber crimes. Digitpol is available 24/7. https://digitpol.com/cybercrime-investigation/
UK +44 20 8089 9944