Adobe announces end-of-life for Flash, the InfoSec world cheers

Support for Flash Player will end in 2020, so now is the time for website owners to migrate from it.

noflash

Ding-dong, Flash is finally dead (well, will finally be dead in 2020). Adobe announced it will completely end support for Adobe Flash Player in 2020.

The tech press has been predicting the death of Flash for years—HTML5 was hailed as the Flash-killer, except it took the standard a while to mature to the point where it could compete head-on with Flash, Steve Jobs insisted iOS devices would never support it, and several major browsers have started not playing Flash content by default. In those cases, users must manually click to play Flash on websites. Even so, Flash seemed poised to stick around forever as some kind of a tech zombie—a number of gaming, educational and video applications continue to rely heavily on the technology—much the same way client-side Java applets and Windows XP just won’t die.

But this time, it looks real. Come December 31, 2020, websites with Flash content will stop working because all  major web browsers will have disabled the capability to play those files. In independent announcements, Google, Mozilla, Apple and Microsoft outlined their plans for how their browsers will handle Flash over the next two-and-a-half years, with the ultimate goal of disabling Flash completely. For example, Chrome and Microsoft Edge currently ask users to click-to-play Flash content by default. By mid-to-late 2019, Microsoft will disable Flash by default in Edge and Internet Explorer, and fully remove Flash from all supported versions of Windows by 2020. Google will continue phasing out Flash, and will remove Flash entirely from the browser by the end of 2020.

“Adobe will stop distribution of Flash Player from https://get.adobe.com/flashplayer. It is very likely that we will also remove additional support pages (such as the Flash Player Archive and Debug download sites),” said an Adobe spokesperson. “We are encouraging content creators to migrate their existing Flash content to open formats like, HTML5.”

Adobe Flash, when it was first introduced in the 1990s, was revolutionary. It brought animation technology to games, made the web interactive through photo galleries, and simplified how to use online video. As oft happens when technology becomes widely used and near ubiquitous, the criminals took advantage of the fact that browsers were essentially running full-fledged applications. Exploit kits predominantly target security vulnerabilities in Flash and Java to compromise individual devices via web-based attacks. Up until recently, HTML5, despite all its promises, just wasn’t mature or stable enough to really take on all the things that made Flash so popular.

“As open standards like HTML5, WebGL and WebAssembly have matured over the past several years, most now provide many of the capabilities and functionalities that plug-ins pioneered and have become a viable alternative for content on the web,” Adobe said in its end-of-life announcement.

At the time of Adobe’s acquisition of Macromedia in 2005, Flash was installed on more than 98 percent of computers around the world. By 2014, though, as Chrome started making users click-to-play to run Flash content, usage began to fall off. By 2014, it was used every day by just 80 percent of users, with the latest figures hovering around 17 percent, according to Google.

[Related: The modern guide to staying safe online]

“Today, most browser vendors are integrating capabilities once provided by plugins directly into browsers and deprecating plugins,” Adobe said, acknowledging Flash was essentially obsolete.

In security circles, Flash is unwelcome, even reviled. Even so, Adobe is not going to pull the plug on Flash right away, giving developers time to migrate their websites and fully embrace HTML5 and other open standards going forward. For example, Facebook, which hosts lots of Flash games on its platform, wants developers to remember those deadlines to avoid compromising user experience. However, the company will “move more aggressively to EOL Flash” in regions where there is a high number of unlicensed and outdated versions of Flash Player are in use.

Because websites will stop working once Flash enters end-of-life, there is an impetus for website owners to make specific adjustments before customers are no longer able to use the sites. Abandon their older Flash applications at the end of 2020? Make newer, snazzier sites to take advantage of online video and audio capabilities? The timeline seems overly generous, but after so many years, it’s finally true: Flash will fade away from the web.

Related:
SUBSCRIBE! Get the best of CSO delivered to your email inbox.