iselwidofo

Blocking Flash Cookies with Gnash: A Simple and Effective Solution for Web Security



With Flash's EOL announced, many browsers took steps to gradually restrict Flash content (first cautioning users before launching it, then eventually blocking all content without an option to play it). By January 2021, all major browsers were blocking all Flash content unconditionally. Only IE11, niche browser forks, and some browsers built for China plan to continue support. Furthermore, excluding the China variant of Flash, Flash execution software has a built-in kill switch which prevents it from playing Flash after January 12, 2021.[74] In January 2021, Microsoft released an optional update KB4577586 which removes Flash Player from Windows; in July 2021 this update was pushed out as a security update and applied automatically to all remaining systems.[75]


For many years Adobe Flash Player's security record[162] has led many security experts to recommend against installing the player, or to block Flash content.[163][164] The US-CERT has recommended blocking Flash,[165] and security researcher Charlie Miller recommended "not to install Flash";[166] however, for people still using Flash, Intego recommended that users get trusted updates "only directly from the vendor that publishes them."[167] Adobe Flash Player has over 1078 CVE entries,[168] of which over 842 lead to arbitrary code execution, and past vulnerabilities have enabled spying via web cameras.[169][170][171][172] Security experts have long predicted the demise of Flash, saying that with the rise of HTML5 "...the need for browser plugins such as Flash is diminishing".[173]




Blocking Flash Cookies (and Improved Security with Gnash)



Like the HTTP cookie, a flash cookie (also known as a "Local Shared Object") can be used to save application data. Flash cookies are not shared across domains. An August 2009 study by Ashkan Soltani and a team of researchers at UC Berkeley found that 50% of websites using Flash were also employing flash cookies, yet privacy policies rarely disclosed them, and user controls for privacy preferences were lacking.[179] Most browsers' cache and history suppress or delete functions did not affect Flash Player's writing Local Shared Objects to its own cache in version 10.2 and earlier, at which point the user community was much less aware of the existence and function of Flash cookies than HTTP cookies.[180] Thus, users with those versions, having deleted HTTP cookies and purged browser history files and caches, may believe that they have purged all tracking data from their computers when in fact Flash browsing history remains. Adobe's own Flash Website Storage Settings panel, a submenu of Adobe's Flash Settings Manager web application, and other editors and toolkits can manage settings for and delete Flash Local Shared Objects.[181]
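Because Local Shared Objects live in the player's own store rather than in the browser profile, they can be audited and purged directly on disk. The script below is an added example, not part of the original page: the two store directories and the `.sol` header layout it checks are assumptions based on commonly documented defaults for Adobe's Linux player and Gnash, and `make_sample_sol` only builds constructed test data.

```python
import struct
from pathlib import Path

# Assumed default stores (not stated on the page); pass your own list if they differ.
DEFAULT_STORES = [
    Path.home() / ".macromedia" / "Flash_Player" / "#SharedObjects",
    Path.home() / ".gnash" / "SharedObjects",
]

def parse_sol_name(data: bytes):
    """Return the object name from a .sol header, or None if the header is invalid."""
    # Assumed layout: 00 BF | u32 length | "TCSO" | 6 bytes | u16 name length | name
    if len(data) < 18 or data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        return None
    (name_len,) = struct.unpack(">H", data[16:18])
    name = data[18:18 + name_len]
    if len(name) != name_len:          # truncated file
        return None
    return name.decode("utf-8", errors="replace")

def find_lsos(stores=DEFAULT_STORES):
    """List (path, object name or None, size in bytes) for every .sol file found."""
    found = []
    for store in map(Path, stores):
        if not store.is_dir():         # player never ran, or store already removed
            continue
        for path in sorted(store.rglob("*.sol")):
            data = path.read_bytes()
            found.append((path, parse_sol_name(data), len(data)))
    return found

def purge_lsos(stores=DEFAULT_STORES):
    """Delete every .sol file under the stores and return the number removed."""
    removed = 0
    for path, _name, _size in find_lsos(stores):
        path.unlink()
        removed += 1
    return removed

def make_sample_sol(name: str, body: bytes = b"") -> bytes:
    """Build a constructed LSO (header plus optional body) for testing only."""
    n = name.encode()
    rest = (b"TCSO" + b"\x00\x04\x00\x00\x00\x00"
            + struct.pack(">H", len(n)) + n + b"\x00\x00\x00\x00" + body)
    return b"\x00\xbf" + struct.pack(">I", len(rest)) + rest

if __name__ == "__main__":
    for path, name, size in find_lsos():
        print(f"{size:>8}  {str(name):<24} {path}")
```

Files that end in `.sol` but fail the header check are still listed, with a name of `None`, so that nothing in the store is silently skipped.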


This is still not recommended as they may decrease anonymity (e.g. Flash cookies) and they often have security vulnerabilities. Also some popular plugins are closed source; see Security in real world. Although unrecommended, the knowledge of how to use browser plugins is not withheld from the reader.


Flash is slow and inefficient on non-Windows platforms. It has potential security flaws. It stores "flash cookies" on your computer that you don't know about. There is no flash on the iPhone and unlikely ever will be (as a result of its being proprietary and its high CPU consumption).


I would say the definite pro of using instead of Flash is that I will be able to watch videos in my browser without having it crash or go crazy slow. I use 64-bit OpenBSD, so Gnash is all I can get and I only enable it when I'm feeling really risky because most of the time I'll come across a flash banner ad and my browser (Firefox 3.5) will crash.

