Adobe Flash Is A Malware-Infested Sewer, But By All Means Continue To Use It Until 2020

OK…seriously, don’t do what the headline says. Do the opposite. Remove Flash from your computer right now. If you want the TL;DR version, stop here. Otherwise read on for the sad story.

Macromedia sold the successor to Shockwave to Adobe in 2005, and it was called Flash. And it was a pig. It killed computers, browsers, and slow Internet connections, which was about all it did reliably or well. Steve Jobs hated Flash with a passion.

(Full disclosure: one of the other piggish products of the 1990s that Macromedia sold to Adobe is ColdFusion, from which I made a lot of money. So sometimes pigs pay off, and I don’t disparage all the developers who made money off Flash. But it’s still a pig.)

But not only is Flash a pig, it’s an exploit-infested, hackable pig that will never, ever be secure enough for real use on the Internet. It’s always been so, and only by Herculean efforts by Adobe has widespread disaster been averted. Actually, not really. Most of the reason Flash hasn’t destroyed the Internet is that a large portion of the Internet runs on Apple mobile devices, which don’t support Flash (see Jobs, above).

The rest of the computer-browser-Flash-using world is either screwed, using browsers that have built walled gardens around Flash (or force you to enable it one site at a time), or has decent virus and malware detection software. If you are in the first category, I am truly sorry for you and would advise you to stop using Flash, period.

Kaspersky Labs (which, ironically, is banned from doing business with the U.S. government because it’s Russian-owned and potentially biased toward Vladimir Putin) reported the latest vulnerability in Flash, used by a group which is called BlackOasis.

BlackOasis is a Middle East group “with clear political motivations.” Nice.

“Analysis reveals that, upon successful exploitation of the vulnerability, the FinSpy malware (also known as FinFisher) is installed on the target computer,” Kaspersky says in a blog post. “FinSpy is a commercial malware, typically sold to nation states and law enforcement agencies to conduct surveillance.”

Once the malware has been installed, it calls back to its main servers located in Europe, and can then be remotely controlled and used to send sensitive information back and forth. The current targets, which have been detected in Russia, Iran, Saudi Arabia, Libya, and Afghanistan among others, include individuals involved in regional politics, including activists, reporters, and politicians themselves.

Adobe has slated Flash for the trash heap in 2020, but that’s about three years too late, according to my calculations. Actually, I’m wrong in my calculations: HTML5 was developed in 2007 specifically to kill Flash, which by that time obviously needed killing. So in fact, Flash’s death is 13 years too late. But who’s counting?

In the meantime, unless you like having nefarious political groups from the Middle East surveilling your every keystroke, controlling your camera, microphone, and basically “pwning” your computer (and your bank accounts, etc.), my advice is to get rid of Flash entirely.

Do it now.

