Moving On From Adobe Flash

December 29, 2015 in SiteLock Research

With any web technology there comes a time to move on to the next level. Unfortunately, it is time for Adobe Flash users to move on. Adobe Flash vulnerabilities and security issues have made it notoriously insecure, resource intensive, and poorly supported on mobile devices. The process for phasing out Flash has been underway for some time, and now may be an advantageous time for developers and end users to move on from Adobe’s long-time media platform.

This week we’ll discuss:

  • The reasons you may want to move on from Adobe Flash
  • What alternatives exist and their advantages
  • What you can do specifically as an end user and site owner

What Are the Downsides of Flash?

It’s impossible for all software to be free of all vulnerabilities. However, Flash seems to have more than its fair share.

Adobe Flash Vulnerabilities and Security Issues

Flash is a popular attack vector due to its past ubiquity and cross-platform nature. New vulnerabilities are discovered and patched, only for new vulnerabilities to be found in the new version. In the world of security, Flash is a large problem and using it, especially outdated versions, opens users to many different types of intrusions.

Resource Consumption

Ever experience a browser crash while watching a Flash video? That’s because Flash can use large amounts of system resources. This usage can cause performance issues and slow the browser and machine.

Lack Of Support On Mobile

Lastly, Flash isn’t available on most mobile devices, which comprise the current majority of Internet users. More and more internet traffic comes through mobile devices and this means that mobile users won’t be served on equal footing with laptop or workstation users. The available alternatives to Flash may be faster and more efficient, and may provide better support and security. We’ll explore those now.

What’s Next and Why

HTML5 is the next generation of web development technology and may go a long way to replace the need for Flash. It is more secure, mobile friendly, cross-browser compatible, resource friendly, and provides better data storage.

Mobile browsers support HTML5, making it an effective tool for building interactive, yet mobile friendly, sites. All current desktop browsers support it as well. HTML5 supports local storage allowing the app to store user information such as the application state.

JSCanvas, the HTML <canvas> element is used to draw graphics on the fly via JavaScript. This allows you to use JavaScript to draw on an HTML5 canvas object. This provides a myriad of possibilities for interactive content without the need for Flash. Also, HTML5 provides better support for SEO than Flash as the content is readable and keywords can be viewed unlike with Flash.

While there is no current timeline for Flash’s end of life, it seems fast approaching. Adobe recently announced end of support for Flash Professional in January. However, this is simply a rebranding of Flash to Adobe Animate CC. Animate CC will still support the creation of SWF files, but will also support HTML Canvas and WebGL. This is a small but significant step towards the end of life for Flash.

What You Can Do

For developers, it may be time to make the move away from Flash. Some may find that switching to HTML5 and Canvas may improve security and performance. It’s not difficult to make the change as there are tools, such as Google’s Swiffy tool, that converts Flash SWF files to HTML5. Tools like this make it easier than ever to move away from Flash.

For users, from a pure security standpoint, it’s recommended to turn off Flash in browsers and keep it deactivated unless absolutely necessary. This removes the large attack surface that Flash provides to bad actors and will help avoid many unwanted intrusions. Users can also install browser extensions to force the use of HTML5 in most browsers.

How To Turn Off Flash Support In Major Browsers

Google Chrome

From the hamburger menu or the three horizontal dots, depending on which version of Chrome you’re running, in the upper right, click Settings and scroll down to “Show advanced settings.” Under “Privacy,” click “Content Settings.” Scroll down to “Plug-ins,” then “Manage Individual Plugins.” There you’ll have the option to turn Flash on or off.

Microsoft Edge

Click the ellipsis menu in the upper right, then Settings =>Advanced Settings. Flip the Adobe Flash toggle to “Off.”

Mozilla Firefox

In Firefox, you’ll need to go to the hamburger menu in the upper right, click the “Add-ons” menu, then set the Shockwave Flash plugin to “Never Activate.”

Microsoft Internet Explorer

Click the gear Settings icon to the upper right. Scroll down to “Manage add-ons.” When you’re presented with a list, click on the “Shockwave Flash Object” and the “disable” button down in the lower right.


Now is the time for HTML5 to take over and bring a more efficient and secure browser experience to the internet. In the interests of user Internet security, consider turning off Adobe Flash except when absolutely necessary. If you’re a developer, look into changing the Flash animations on your sites to HTML5. Your future users will appreciate it.

SiteLock website security services can help prevent attackers from exploiting vulnerabilities on your site. Check out our INFINITY scanning plan and web application firewall.

Latest Articles
Follow SiteLock