The recent Hacking Team data breach revealed several severe security vulnerabilities in Adobe’s Flash video and gaming program that allow cyber attackers (or governments, in this case) to gain access to victims’ computers without their knowledge. These flaws, known as “zero-day” exploits, occur before the presence of a vulnerability is made known (and the developer therefore has zero days to fix the flaw). The discovery of these new vulnerabilities comes on the heels of a June revelation that a similar flaw had been discovered in Flash that allowed attackers to seize control of a user’s computer using malicious video files.
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day,
wrote Facebook’s head of security Alex Stamos in a tweet.
Mozilla recently announced that its Firefox web browser will now block every version of the Flash plugin. Others have called for phasing out Flash in favor of HTML5 or alternative programs that offer greater security to users.
Read more here – “Facebook Calls for End to Flash as Firefox Blocks it over Hacking Holes,” (Samuel Gibbs, The Guardian).