Apple Forcing Users to Upgrade to Latest Adobe Flash Plug-In Due to Security Issues

[FloatingBones]

Companies with any sense redesigned their sites ages ago when the OG iPad sold crazy amounts and couldn't see the sites. And given that Flash is anti accessibility that was another reason to stop.the security concerns adding a third.

Bingo. Jobs's Thoughts on Flash (2010) is quite educational. One note: Jobs's comments about Flash games are obsolete: Flash games can be compiled and distributed via the App Store. Adobe even bragged about a Flash-based game that hit #1 in the App Store back in 2011.

 

[petsounds]

And given that Flash is anti accessibility that was another reason to stop.

That's just untrue. Flash has a lot of accessibility support, it's just that most companies don't care enough to spend the time implementing it.

I find it funny that people go on tirades about Flash, but then the replacement – HTML5 – still results in choppy browser animations and poor performance. Or worse yet, sites that are optimized for one browser such as Chrome, which takes the web back to the 90s where "This site looks best on Internet Explorer" messages were common.

Flash is still the king of games and animation on the web, and it'll be a while before Javascript/HTML can get to that level.

 

[PocketSand11]

Where does Google even use Flash? I've never seen it anywhere. Man, every time I want to use Flash for one thing about once a year, it NEEDS another update. Could it at least make these updates optional?

----------

I find it funny that people go on tirades about Flash, but then the replacement – HTML5 – still results in choppy browser animations and poor performance. Or worse yet, sites that are optimized for one browser such as Chrome, which takes the web back to the 90s where "This site looks best on Internet Explorer" messages were common.

Yeah, HTML5 has been much slower for playing videos than Flash has been for me. Not a true replacement. It's a lot better than Flash for other things. I'd prefer it if sites would limit their use of both. I use Click2Flash to open YouTube videos in QuickTime Player instead. No ads either

----------

You just better hooey you're using the right browser for that awesome HTML5 goodness. I think, right now, it is IE 11 and Safari 8. I don't know which other support it. I think ChromeOS?

Wait, are you serious? It's H.264 video. Why can't they just stream the H.264 by itself and let the browser deal with it like they do with the iPad?!

 

[autrefois]

Apple Forcing Users to Upgrade to Latest Adobe Flash Plug-In

I'd like to know how we can find a way to force Apple to upgrade things. Mac Mini, Displays...

 

[PocketSand11]

Is this a serious question? Because I can find at least five pieces of software that had more flaws found last year in comparison to Adobe Flash.

The only ones I can think of are Java and Windows. The three of them are crap that need to die. At least you're not effectively forced to use Windows, but there's always that one stupid website that needs Flash or Java.

 

[C DM]

Where does Google even use Flash? I've never seen it anywhere. Man, every time I want to use Flash for one thing about once a year, it NEEDS another update. Could it at least make these updates optional?

----------



Yeah, HTML5 has been much slower for playing videos than Flash has been for me. Not a true replacement. It's a lot better than Flash for other things. I'd prefer it if sites would limit their use of both. I use Click2Flash to open YouTube videos in QuickTime Player instead. No ads either

----------



Wait, are you serious? It's H.264 video. Why can't they just stream the H.264 by itself and let the browser deal with it like they do with the iPad?!

You want security updates to be optional? Seriously?

----------

The only ones I can think of are Java and Windows. The three of them are crap that need to die. At least you're not effectively forced to use Windows, but there's always that one stupid website that needs Flash or Java.

Yes, they are all crap. A totally objective view of it all.

 

[FloatingBones]

That's just untrue. Flash has a lot of accessibility support, it's just that most companies don't care enough to spend the time implementing it.

According to his Adobe page, Flash accessibility is provided through MSAA -- a Microsoft-only solution. This article notes that Adobe abandoned its efforts to provide accessible Flash for the Mac -- back in 2012.

Setting the record straight: Adobe is the company that didn't care enough to spend the time implementing accessible Flash.

 

[PocketSand11]

You want security updates to be optional? Seriously?

Yeah. Safari asks me whether I want to use it. I almost always say no. It runs once or twice a year on my computer when I want to watch a video somewhere besides YouTube and needs to update every time. So, as a result, Flash updates make it take about 6X as long for me to view Flash videos. I'd be fine running it that one time on a trusted site.

Besides, it's my computer. I should be allowed to deny updates at will. Maybe I can find where it checks the Java build number and set that number to 9000. Oh wait, I'd have to set it to a higher number than that because I'm sure there have been over 9000 updates.

----------

Yes, they are all crap. A totally objective view of it all.

If you want numbers, go by the number of computers infected through that software. The only big malware threats on post-2000 Mac hardware have been through Java, Flash, Windows in Bootcamp, and… yes I forgot to mention this one… older versions of Office.

----------

I'd like to know how we can find a way to force Apple to upgrade things. Mac Mini, Displays...

LOL that would be great. Apple acts like I do with updates.

 

[960design]

Sure. I'll let everyone know that your willing to redesign their sites for free. I'm sure you'll be receiving calls shortly.

Why so sarcastic towards an honest question? Companies have heard the call for change for the last five years. Three years ago, Adobe's Vice President called off Mobile Adobe, because it could not be fixed and html5 / css3 was a more realistic solution for future use.

 

[Señor]

Wow, I came here to say exact same thing lol

Glad to know we're on the same page, good sir.

 

[iSee]

Can't Flash just die instead?

Yeah! I got a call at work today from my wife due to this.

(I'm the computer geek so I'm supposed to remember her passwords when she doesn't?!? Well, OK, I do/i] remember this, but still.)

I think I've mostly convinced her that Flash is passe, that the cool people in-the-know people wouldn't be caught dead using Flash. That's a powerful indictment for her and she'll stop using web sites that require Flash. Then I finally won't have to deal with it anymore.

 

[gumblecosby]

...

Wait, are you serious? It's H.264 video. Why can't they just stream the H.264 by itself and let the browser deal with it like they do with the iPad?!

Its all about protecting content with DRM. HTML5 is not new. HTML5 DRM is new. All the premium (i.e. payed for) content providers like Sky, Netflix, NFL Gamepass etc. will not touch HTML5 until they can protect their streams with DRM. With regards to the iPad, well most big content streaming companies use apps to distribute content.

Have you any examples of paid for streaming services that run through safari on the iPad? Just curious from a technological perspective.

 

[PocketSand11]

Its all about protecting content with DRM. HTML5 is not new. HTML5 DRM is new. All the premium (i.e. payed for) content providers like Sky, Netflix, NFL Gamepass etc. will not touch HTML5 until they can protect their streams with DRM. With regards to the iPad, well most big content streaming companies use apps to distribute content.

Have you any examples of paid for streaming services that run through safari on the iPad? Just curious from a technological perspective.

Not through a web browser, but it's similar tech-wise: iTunes lets you stream DRM-protected movies. It uses QuickTime, so it seems like it would work through a web browser if Apple wanted it to. I've heard of DRM-protected H.264 wrapped in MP4 too. Are you sure that the Netflix iOS app doesn't use DRM? That seems exploitable.

 

[C DM]

Yeah. Safari asks me whether I want to use it. I almost always say no. It runs once or twice a year on my computer when I want to watch a video somewhere besides YouTube and needs to update every time. So, as a result, Flash updates make it take about 6X as long for me to view Flash videos. I'd be fine running it that one time on a trusted site.

Besides, it's my computer. I should be allowed to deny updates at will. Maybe I can find where it checks the Java build number and set that number to 9000. Oh wait, I'd have to set it to a higher number than that because I'm sure there have been over 9000 updates.

----------



If you want numbers, go by the number of computers infected through that software. The only big malware threats on post-2000 Mac hardware have been through Java, Flash, Windows in Bootcamp, and… yes I forgot to mention this one… older versions of Office.

----------



LOL that would be great. Apple acts like I do with updates.

If you are talking about malware threats as a measure of how good something is, that's not exactly a fully useful measuring stick. Make something as popular/widespread as Windows or Flash or Java is and see how many threats there would be aimed at it. Nothing is problem free, a lot of things can be somewhat better or worse of course, but keeping everything else the same, it's not likely that comparable things would really be that far ahead or behind at being that much more or less secure.

As for updates, you are saying you would rather use a version with known security issues in it than to be "bothered" by an update in the seldom occasion that you actually use it? That in itself pretty much devalues and undermines much of anything else that might be said about security or anything related to it.

 

[lolkthxbai]

Not through a web browser, but it's similar tech-wise: iTunes lets you stream DRM-protected movies. It uses QuickTime, so it seems like it would work through a web browser if Apple wanted it to. I've heard of DRM-protected H.264 wrapped in MP4 too. Are you sure that the Netflix iOS app doesn't use DRM? That seems exploitable.

I know it wasn't on an iPad but doesn't Netflix run without anymore plugins (Silverlight) on Safari for Yosemite?

 

[NY Guitarist]

The block is for older versions of Flash in Safari, as it would have been helpful for the article to have pointed out. On other browsers on the Mac, who knows?

Safari blocked me from using Flash 14.0.0.125 which I'm certain is a very recent, if not latest, version before .145

----------

The issue is that it's cheaper and easier to make things in flash.

But obviously less secure and far more resource hungry.

 

[PocketSand11]

I know it wasn't on an iPad but doesn't Netflix run without anymore plugins (Silverlight) on Safari for Yosemite?

It uses HTML5 only available on the new Safari. The only reason that's not considered a plugin is that it comes pre-installed… You need something extra on the web browser's side to play it.

 

[Michael Goff]

The only ones I can think of are Java and Windows. The three of them are crap that need to die. At least you're not effectively forced to use Windows, but there's always that one stupid website that needs Flash or Java.

Do you use Chrome? How about anything made by Mozilla? Or maybe you use Adobe Reader? Of course, you already pointed out Java and IE.

----------

Safari blocked me from using Flash 14.0.0.125 which I'm certain is a very recent. if not latest version before .145

----------



But obviously less secure and far more resource hungry.

Far more resource hungry? Not anymore.

 

[PocketSand11]

As for updates, you are saying you would rather use a version with known security issues in it than to be "bothered" by an update in the seldom occasion that you actually use it? That in itself pretty much devalues and undermines much of anything else that might be said about security or anything related to it.

Yes I would. Flash only runs when I explicitly permit it to. What's going to happen, ESPN3.com (used a couple of times every 4 years for the World Cup) is going to try to make me download malware? If there's a big enough vulnerability in Flash that it would cause more hassle for me than updating Flash does, I wouldn't update Flash but ban it from my computer.

 

[PocketSand11]

Far more resource hungry? Not anymore.

No, it's more like it used to be fast but has gotten slow. All those online games would run fine on my Pentium III Win98 laptop, and now they require like 30% CPU usage on a new processor. YouTube videos in Flash worked fine on an iMac G3, and now even a G5 can't watch YouTube at >2FPS without YouView, which plays its videos in QuickTime instead at full framerate. Of course, this is only anecdotal evidence. I'd do a speed test of Flash 13 vs Flash 6 if my computer would permit me to install an outdated version of Flash.

 

[Michael Goff]

No, it's more like it used to be fast but has gotten slow. All those online games would run fine on my Pentium III Win98 laptop, and now they require like 30% CPU usage on a new processor. YouTube videos in Flash worked fine on an iMac G3, and now even a G5 can't watch YouTube at >2FPS without YouView, which plays its videos in QuickTime instead at full framerate. Of course, this is only anecdotal evidence. I'd do a speed test of Flash 13 vs Flash 6 if my computer would permit me to install an outdated version of Flash.

I'm not running into those problems.

 

[C DM]

Yes I would. Flash only runs when I explicitly permit it to. What's going to happen, ESPN3.com (used a couple of times every 4 years for the World Cup) is going to try to make me download malware? If there's a big enough vulnerability in Flash that it would cause more hassle for me than updating Flash does, I wouldn't update Flash but ban it from my computer.

Considering updating Flash is a minor hassle, especially when it might even be needed done as seldom as you claim to even need to use Flash, seems like the balance between security and extremely minor annoyance is quite skewed (and not in exactly a rational manner).

 

[lolkthxbai]

It uses HTML5 only available on the new Safari. The only reason that's not considered a plugin is that it comes pre-installed… You need something extra on the web browser's side to play it.

Okay, so looks like in Yosemite, Apple implemented 3 new standards called MSE, EME and WebCrypto into Safari which let's Safari handle premium video content without requiring a plugin. So if those technologies could be implemented into mobile safari then we'd be in business 8)

It's worth noting that IE 11 on Windows 8 can also handle netflix without plugins.

 

[gumblecosby]

Not through a web browser, but it's similar tech-wise: iTunes lets you stream DRM-protected movies. It uses QuickTime, so it seems like it would work through a web browser if Apple wanted it to. I've heard of DRM-protected H.264 wrapped in MP4 too. Are you sure that the Netflix iOS app doesn't use DRM? That seems exploitable.

The application i.e. iTunes or Netflix iOS app handles the DRM. They may use Quicktime or QTKIT or whatever the API is now to handle the playback but it still needs to be secured. This whole discussion began with replacing flash with html5 streaming. That is what I'm referring to when I mention the new html5 drm standard with regards to content delivery. Any iOS app such as Netflix will leverage some form of secure video delivery unless they want some opportunist to sniff the url with wireshark and rip the unprotected stream.

With respect to the new html5 video streaming in Yosemite, this page and this one also should help anyone understand why html5 can be used for things like Netflix now. This seems to be the replacement for Flash when it comes to commercial streaming.

 

[ratsg]

Has there ever been a piece of software which had more security flaws or was a bigger malware magnet?

ms windows. certainly that stands above all others.