Adobe Flash

Adobe Flash (formerly known as Macromedia Flash), or simply Flash (/ flæʃ/), is a multimedia platform used to create vector animation and interactive applications (including games), as well as to integrate videos into web pages.

Opportunities

Adobe Flash allows you to work with vector, raster and limited with three-dimensional graphics, and also supports bidirectional streaming of audio and video. A special "lightweight" version of the Flash Lite platform has been released for PDAs and other mobile devices, whose functionality is limited based on the capabilities of mobile operating systems and their hardware indicators.

Development tools

Proprietary packages of Adobe Flash Professional and Adobe Flash Builder 4 (formerly Adobe Flex Builder), which allows you to create interactive applications (including web applications, games, and cartoons).

Extensions of files

The standard extension for compiled Flash files (animations, games, and interactive applications) is.SWF ((Shockwave Flash) or Small Web Format). Flash videos are files with the FLV extension (in this case, Flash is used only as a container for video recording. The FLA extension corresponds to the format of the working files in the development environment.

Means of reproduction

Flash content is played using a number of software tools, but the official proprietary Adobe Flash Player, distributed as a free plugin for most modern browsers, dominates the market. You can also view SWF files using various free players, such as Gnash or swfdec. FLV files are played through Adobe Flash Player or through multimedia players such as Quicktime and Windows Media Player, if appropriate plugins are available.

Since August 2010, you can play Flash content on Apple iPhone 4. The port was developed by Comex, also the author of the JailbreakMe tool.

You can only install a Flash plugin on a hacked firmware iPhone. The creator of the plugin tested its performance only on iPhone 4 with firmware version 4.0.1, but does not exclude that it will work on previous generations, as well as on iPod touch. Installation of the plugin is carried out in several stages with the installation of the software both on the computer and on the mobile device, and is unlikely to be under the power of an ordinary user.

Recall that Apple blocks the use of unofficial applications, as well as the launch of Flash Player on its devices, citing the fact that it is not good enough for this (high requirements for hardware resources, strong battery consumption). Previously, Flash was ported to iPad, on which this technology is officially not available either.

Flash as a user surveillance tool

Advertising company SpecificMedia was fined in 2010 by the court for recreating temporary files deleted by the user, reports Wired. Cookies are used by websites to store information about visits. Physically, these files are located on the user's computer. By cookies, the site can establish re-visit, frequency of visits by the same user and other statistics. All major web analytics systems take into account data from cookies.

Users often delete cookies, making it difficult to track their behavior. However, in addition to regular cookies, which are simple text files, there are also so-called flash cookies - data that is written to the Adobe Flash store. They are often used by online audio and video players, as well as Flash games - they remember at what point video viewing stopped or store the user's progress in the game. They can also be used to store almost arbitrary information. Flash cookies are not deleted when regular cookies are cleaned. This was used by SpecificMedia, restoring cookies data from the flash store.

To prevent sites from following themselves, you can block flash cookies. This is done on the Flash Global Settings page. You can also allow individual sites to write their data to flash storage. In addition, there are special programs - CCleaner for Windows and Flush for Mac OS X, which allow you to manage flash cookies and delete them if necessary.

The American court decision is not the first time that it was recognized that flash-cookies violate the privacy of the user. Some time ago, the American authorities were forced to remove the Youtube video player from the White House website, since it records data in the flash repository and monitors user behavior, which is forbidden for government sites.

Flash leaves mobile devices

According to ZDNet, Adobe refuses to release further Flash Player updates for mobile devices. An event that seems quite incredible. It is almost as if Russia refused to support AvtoVAZ, or the United States decided to forever tie up with the export of democracy. Regardless of our attitude to these things, they seem fundamental, indestructible.

It would seem that nothing foreshadowed such a decision. New versions, producers of mobile phones on Android seemingly forever were developed entered support of Flash in the list of the competitive advantages - and suddenly, suddenly, such blow. There will never be a new version of the plugin - instead, Adobe is going to focus on developing tools for converting Flash to other formats - for example,. HTML5

What happened? Might Flash be out of date? And yes, and no. Ideologically, the platform is still very strong. That is, the possibilities it provides are more than consistent with the current moment. Moreover, Adobe's development tools are uniquely good and allow you to create powerful products in the shortest possible time. That is why the platform has gained such strength.

But there is another side, purely technological. If you remember, it was Steve Jobs who pointed to her when he explained why iPhone does not support Flash. The platform has significant stability and performance issues. More or less complex Flash applications can noticeably slow even laptops and desktops, but still the power of modern desktop systems is growing so fast that you can put up with it. In the case of mobile devices, there are simply no such resources - as a result, Flash significantly slows down the device and "grids" the battery.

Judging by the fact that Adobe has not been able to solve this issue for many years, the problem is quite serious. Here we enter the shaky ground of speculation, but it seems that the following has happened. Flash is a very old technology, back in the early 90s. Then it was not intended for complex applications at all, simple animated videos were made on its basis. Since then, the platform has been modified many times, fouled with new capabilities, but, apparently, its architecture has not changed. The kernel, designed and designed for small applications, simply does not pull the amount of code and resources that are present in modern flash projects. On powerful computers, this somehow manages to be solved at the expense of brute force. On weak mobile phones - alas, there are no options. Just modifying the architecture will not work - this is how to rebuild the barn into a palace. The only reasonable way is to demolish everything and rebuild it.

But in this case, even if you find the right resources, development will take a year or several years. At the same time, the first version of the new platform will probably be functionally incomplete, this is always the case. After all, it is impossible to immediately realize what was written in the old product over many years. Live examples before the eyes are WP7, which only catches up with the functionality of WM6.5, or the new Final Cut X, which has a new powerful engine, but is still far from the classic Final Cut.

Adobe did not improve the performance of the existing architecture - this should be expected. They did not dare to rewrite the entire product in the company, apparently reasonably suggesting that during the transition to a new version in the market they would be squeezed out by newer technologies. As a result, we have what we have. There will be no Flash on mobile phones. Steve Jobs understood the technology well. And this time the^[1] was right again^[2]

2021

Uninstall from Windows 10

Microsoft began a phased deployment of the update for the Windows 10 operating system, which permanently removes Adobe Flash Player. This became known on February 17, 2021. More details here.

Stopping rail traffic in China due to disabling Adobe Flash support

On January 12, 2021, the American company Adobe, which is the creator of the Flash service for the development of multimedia web applications, stopped supporting its platform. This caused a 20-hour downtime of the railway control system in the city of Dalian (northeast China).

According to Chinese media, on the morning of January 12, a call was received to the support service of the Dalian railway station, in which it was reported that the internal website with a train schedule, with which passengers, in particular, order tickets, was disconnected. Within half an hour, there was a malfunction of all computer systems at the railway station.

The cessation of support for Adobe Flash for a day stopped rail traffic in China

Later, IT specialists found out that Adobe forcibly disabled the Flash plugin. They decided to connect to failed computers remotely and made an attempt to roll back the plugin, but all their efforts did not bring the expected result - after some time, the systems again did not display the information necessary for the operation of the station.

Every few hours, IT professionals did the same to gain access to computer management for at least a certain amount of time. This lasted approximately 20 hours, after which the specialists were divided into hardware and software groups, and together the team restored the old version of the Adobe Flash plugin from a backup computer, which was disconnected from the network and could provide access to the version of the plugin, which remained functional after disabling Flash.

Adobe organized an information campaign to prepare users, including corporate ones, to abandon Flash back in 2015. Large companies, including Google, began a "rollback" almost immediately after Adobe announced its decision. The company finally abandoned Flash on December 31, 2020.^[3]

Adobe finally killed Flash. The global blocking of Flash content has begun on the Internet

Adobe began in January 2021 to forcibly block the playback of any content on the Internet that requires its signature Flash Player to play. This is the last stage in the destruction of Flash technology, which originated at the end of the 20th century and in the middle of the last decade recognized as overflowing with vulnerabilities and the most unsafe^[4].

Any flash content is blocked - hand-drawn animations, videos converted to Flash, banners, website components, etc. To do this, it uses the mechanisms embedded in Flash Player itself, and simultaneously does not allow you to update it or simply download its distribution from its official website.

2020 - Date of death Flash

Adobe will stop updating and distributing Flash Player at the end of 2020. The company announced this in July 2017 on its blog. Adobe believes that the open standards HTML5, WebGL and WebAssembly have become sufficiently developed in recent years so that Flash users can switch to them. The company will opt out of the plugin in partnership with Apple, Facebook, Google, Microsoft and Mozilla. Partners can help ensure that Flash content is secure and compatible.

Adobe recognizes that some companies that are engaged in computer games or video content, the whole business is built around Flash technology. It was for them that the deadline was set until the end of 2020 - until that time the plugin will be supported on all major OS and browsers, including the timely release of security patches and the elimination of incompatibilities. Adobe is going to campaign especially hard to eliminate Flash in regions where outdated and unlicensed versions of Flash are distributed.

The company intends to continue to participate in the development of the HTML5 standard and WebAssembly code, as well as work on its other animated and video tools, such as Animate CC and Premiere Pro CC.

2019: Microsoft will completely stop supporting Adobe Flash in Edge on the Chromium platform

On September 3, 2019, it became known that the company Microsoft will completely stop supporting Adobe the Flash plugin in, browser Edge built on the Chromium platform, in December 2020. The company decided to abandon Edge based on the Edge engine HTML and create Edge on Chromium. The changes will take effect in the next version of the browser, so Microsoft decided to share its plans to support Flash in the updated Edge. More. here

2017

Zero-day vulnerability

Kaspersky Lab on October 10, 2017 discovered a zero-day vulnerability in Adobe Flash software, which allows you to install spyware in an infected system. Company experts have already reported on the found vulnerability CVE-2017-11292 of Adobe - based on this information, the developer of the Flash platform has released the necessary update and recommendations for users. Nevertheless, the security gap has already managed to take advantage of the cybercrime group BlackOasis, which attacked commercial and government organizations in different countries of the world, indicated in Kaspersky Lab.

Spyware Distribution

To infect victims, attackers embed malicious exploit software that uses a vulnerability in Adobe Flash into Microsoft Word files, which are then distributed using social engineering methods. After anchoring in the system, the exploit installs the spyware FinSpy (also known as FinFisher) on the device.

Initially, FinSpy was created as commercial software for police operations, which was mainly supplied to state organizations and law enforcement agencies in several countries. The attackers of the BlackOasis group allegedly used this program around the world for the purpose of international espionage. At the same time, cybercriminals have adopted the latest version of the FinSpy, which contains many technologies that help avoid detection. All this makes it difficult to recognize and analyze this spyware.

Geography of the attacks

As Kaspersky Lab found out, BlackOasis servers are located in Switzerland, Bulgaria and the Netherlands. Victims of the group, as of October 18, 2017, are recorded in Russia, Iraq, Afghanistan, Nigeria, Libya, Jordan, Tunisia, Saudi Arabia, Iran, the Netherlands, Bahrain, Great Britain and Angola. At the same time, according to company experts, the Middle East is the main interest for BlackOasis, in particular, information related to regional policy, as well as data on local industry and research activities.

The recent attack with use of vulnerability of zero day became already operation, the third in a year, on distribution of spyware of FinSpy. And in all cases, attackers used gaps in Microsoft Word and Adobe software products. We are sure that this is far from the end - most likely, in the near future the attacks in which FinSpy is used will happen more and more often, "said Anton Ivanov, Kaspersky Lab antivirus expert.

All Kaspersky Lab solutions recognize and block malware that exploits this vulnerability in Adobe Flash.

Flash Source Open Petition

In response to Adobe's announcement in July of its plans to complete Flash support by the end of 2020, a special repository appeared on the GitHub, functioning as a petition, which calls on the company to open the source code of this technology. The petition was created by web developer Juha Lindstedt, author of RE: DOM and HTML5 Deck of Cards.^[5]

Flash is an important part of the history of the Internet, so if you "kill" it, the next generations will be deprived of access to the past. Games, experiments, websites can be forgotten. Opening Flash specification code is a good solution to secure the life of Flash projects in the archive. I don't know exactly how this will happen, but this is the beauty of Open Source: you never know what will happen after the opening of the source code, "Juha Lindstedt explained his step

In his opinion, the existing Open Source implementations of Flash, such as Gnash, Lightspark and Shumway, will also help save Flash projects, but they are not complete due to the closed Flash specification. Therefore, he does not ask to open everything (including licensed components), but suggests making the maximum available open with explanations of which components are not enough (so that they can be replaced by alternative implementations).

You can get acquainted with the petition on the GitHub by link.

2016

Google will abandon Flash

Google announced its intention to completely disable the display of ads created on the basis of Flash technology in advertising networks Google Display Network and DoubleClick Digital Marketing from January 2, 2017. At the same time, from June 30, 2016, account owners will not be able to download ads of this type^[6].

Google Display Network includes a AdWords service that allows you to show ads of various formats in search results and on partner sites. In turn, the DoubleClick Digital Marketing network was acquired by Google Corporation along with other assets of the company DoubleClick in 2007 for $3.1 billion.

Google explained that abandoning Flash "will make web surfing on devices of various types more comfortable for even more people in the world." The company expects that by the indicated time its customers will reformat their ads in HTML5.

Chrome completely refuses Flash: An exception is made for 10 sites, 4 of which are Russian

Google announced in May 2016 that it was phasing out support for Adobe Flash technology. In the browser Chrome fourth quarter of 2016, it Google Chrome will play Flash without additional user actions only on 10 sites. To activate Flash on other sites, the user will need to manually consent.

List of exceptions

Entered the list of 10 websites on which Chrome will continue to support Flash without additional actions of the user: YouTube.com, Facebook.com, Yahoo.com, Live.com, Twitch.tv, Amazon.com and also Vk.com, Yandex.ru, Ok.ru and Mail.ru.

Thus, 40% of the list is formed from Russian resources. Google explained that all these sites most often use Flash technology compared to other sites on the Internet, based on statistics that the company receives from the Chrome browser.

The list will be valid for a year

The list will change throughout the year. And exactly in a year, the company plans to clean it. What will happen next is not yet clear. It is likely that nominal support for Flash in Chrome will remain, but automatically it will not be included on any resources.

In 2016, Google also plans to provide the opportunity for company system administrators to completely disable Flash support in Chrome.

Eliminating Flash and switching to HTML5 will not make the Internet safer

Researchers at GeoEdge, a company specializing in the security of advertising campaigns, published in the summer of 2016 a report on the current state of the advertising industry market on the Internet. This document describes the security status of Flash, HTML5, and video content.

According to the study, HTML5 is gradually coming to replace Flash content. Adobe eliminates multiple vulnerabilities in Flash Player almost every month, and the global rejection of this technology at the browser manufacturer level forces advertisers to more actively use other technologies for delivering advertising content to the user.

Malicious advertising campaigns also do not lag behind ordinary advertising networks, so malicious content and redirects to phishing sites will work if the user does not have Flash Player.

The following is a diagram of how a common malicious campaign works:

As you can see in the figure, content delivery technology does not play a special role for intruders. The main problem is the vulnerabilities of advertising networks^[7].

Firefox browser starts Flash lock

The MozillaFirefox browser in August 2016 will begin blocking Flash elements on sites that are not important for visitors, reports The Verge. As a result of this step, it is planned to reduce the number of errors caused by the use of technology, as well as improve user security and speed up page loading. Since 2017, all Flash elements of sites will be displayed in Firefox only after a click.

Mozilla recommended a quick transition to HTML technologies to resource owners using Flash technology.

2015

Companies will abandon Flash?

More and more IT experts recognize the correctness of Steve Jobs, who once said - the Adobe Flash multimedia platform is a real evil^[8].

He refused to support this technology in iOS-driven devices and, as recent events show, his solution turned out to be correct, since Flash is riddled with various security holes that allow hackers to do almost anything with devices that support this technology.

Not so long ago, an unpleasant incident occurred in the IT world: the Italian company Hacking Team, which helped the special services and governments of different countries spy on each other, was under the sight of hackers. Oddly, the company, created by professional hackers and cybersecurity specialists, turned out to be defenseless before the first serious attack against itself. Attackers stole more than 400 gigabytes of data. One of the leaks helped to understand that the Adobe Flash plugin from the first day of its existence contained exploits that allow hackers to monitor any computer on which it is installed with impunity.

Hacking Team executives initially tried to make excuses and even threaten those people who distributed their secret documents on the Web, but then, under public pressure, admitted their mistakes. Among the clients of the hacker company were the special services of the United States, Saudi Arabia, Turkey, Russia, Egypt and many others. During its existence, the Hacking Team has earned hundreds of millions of dollars, helping customers use holes in the computer security of their potential enemies.

Flash technology allowed hackers to gain complete control over the victim's computer by downloading Trojan applications for remote access to it. At the same time, Adobe probably did not suspect the existence of such a "backdoor" in the code of its product. Of course, after the publication of secret documents, Adobe was covered and promised to patch all hacker loopholes in the shortest possible time. But this is unlikely to restore the darkened reputation of the company, famous for its application packages for creative employees.

Security chief Facebook Alex Stamos called on all executives of large companies to declare war on Flash technology in order to achieve its complete disappearance from the Web as soon as possible. Stamos was joined by his colleague from the corporation Mozilla , Mark Schmidt, who in his Twitter announcement that the browser Firefox will now block any default Flash content. But if the user wants to risk his security, he can return the ability to view Flash using the settings.

YouTube completely abandoned Flash technology

YouTube completely abandoned the use of Flash technology as the main one for playing videos in web browsers, reports The Verge. Flash took the place of HTML5 technology.

Notes