UPDATED 11:56 EST / JULY 14 2015

NEWS

Industry moves in to finish off Flash after Hacking Team exploit revelations

The first casualty of the attack on the now infamous Hacking Team may not be the Italian spyware vendor itself, as many undoubtedly hope, but rather Adobe Flash, which is now officially blocked in FireFox after the discovery of a third zero-day vulnerability in the trove of internal data pilfered through the breach. And the industry’s frustration with the media player is only widening.

Adobe Systems Inc.’s ubiquitous runtime has long struggled with severe security issues that have compromised more consumers than anyone can count over the years along with a number of high-profile corporate victims. The most notable of the bunch is encryption powerhouse RSA, which saw hackers exploit a zero-day vulnerability just like the one uncovered today back in 2011 to steal sensitive data pertaining to one of its most widely used products.

Flash’s security woes have contributed a great deal of momentum to the shift towards alternatives set forth by the late Steve Jobs’ famous decision to avoid adding support for the player on iOS due to poor mobile performance, power efficiency and, of course, vulnerability to attacks. The new bugs may provide the final boost needed to push the software into irrelevance.

The third and latest vulnerability that emerged this morning is the straw that broke the camel’s back. Codenamed CVE-2015-5123 by the Trend Micro Inc. researchers who discovered it, the flaw enables hackers to exploit the part of Flash used to manipulate the presentation of Bitmap objects in order to completely take over a system, which makes it just as severe as the previous two loopholes that have been uncovered from the Hacking Team’s leaked internal records over the past week.

Adobe already released a security advisory for the bug when Trend Micro raised the alarms, but not before the backlash could start. Mozilla Corp. fired the first shot after updating its popular browser this morning to disable Flash by default, which promptly spawned a wave of how-to guides in the tech sphere on removing the player from platforms that still support it.

Facebook Inc.’s recently appointed chief security officer, Alex Stamos, went a step further and called on Adobe itself to take action by announcing an end-of-life date for Flash. The company may very be forced to do so at this point, if nothing else than to save face, since the fate of its once dominant media player now appears all but sealed.

Photo via Brian Klug

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU