Adobe to Stop Distributing and Updating Flash in 2020

Adobe today announced plans to end-of-life its Flash browser plug-in, ceasing development and distribution of the software at the end of 2020. Adobe encourages content creators to migrate flash content to HTML5, WebGL, and WebAssembly formats.
But as open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plugins pioneered and have become a viable alternative for content on the web. Over time, we've seen helper apps evolve to become plugins, and more recently, have seen many of these plugin capabilities get incorporated into open web standards. Today, most browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins.
The elimination of Flash and Flash Player should not heavily impact most users because popular browsers have already moved away from the format. Starting with macOS Sierra and Safari 10, Apple disabled Adobe Flash by default to focus on HTML 5, and Flash has never been available on Apple's iOS devices. Google's Chrome browser has also been de-emphasizing Flash since the middle of last year.

Adobe's Flash Player has always suffered from a never-ending stream of critical vulnerabilities that expose Mac and PC users to malware and other security risks. Vendors like Microsoft and Apple have had to work continually over the years to keep up with security fixes.

Apple also shared Adobe's Flash news on its WebKit blog, and the company says it is working with Adobe and industry partners on the transition from Flash to open standards.

Ahead of its sunsetting in 2020, Adobe will continue to support Flash on major operating systems and browsers, issuing regular security updates, maintaining OS and browser compatibility, and introducing new features and capabilities "as needed."

Adobe says it will, however, "move more aggressively" to end Flash distribution in countries where unlicensed and outdated versions of Flash Player are distributed.


Discuss this article in our forums

Adobe Issues Critical Security Update for Flash Player on Mac

Adobe this week released Flash Player version 24.0.0.221 to "address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," including Mac, Windows, Linux, and Chrome OS.

Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also available from the Adobe Flash Player Download Center.

Flash Player users who had enabled the option to "allow Adobe to install updates" will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 24.0.0.221. Select "About Google Chrome" under the Tools menu to verify the browser is up-to-date.

Adobe said the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro.

Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeated security risks. Adobe has released fifteen Flash Player security updates over the past year.

In 2010, Apple co-founder Steve Jobs shared his "Thoughts on Flash," in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was "the number one reason Macs crash," while criticizing its performance on mobile devices. "Flash was created during the PC era – for PCs and mice," he opined.


Discuss this article in our forums