Facebook to Dump Flash for Better Security
Posted by: Timothy Weaver on 12/23/2015 06:10 AM
[
Comments
]
In an effort to boost security, Facebook has dumped Flash in favor of HTML5, although they will work with Adobe for game play to improve reliability and security.
The company said: "We recently switched to HTML5 from a Flash-based video player for all Facebook web video surfaces, including videos in News Feed, on Pages, and in the Facebook embedded video player."
“We are continuing to work together with Adobe to deliver a reliable and secure Flash experience for games on our platform, but have shipped the change for video to all browsers by default,” it added.
Flash has consistently criticized by security experts over the years for vulnerabilities that allow hackers to gain access to users' systems and organizations’ infrastructure via browser-based attacks and zero-day exploits.
HTML5 ditches any plug-in method in favor of using technology within modern browsers to display content; this closes a common attack vector.
Facebook is not the only one to move away from Flash. Among others are Netflix (which is working on an HTML5-based video player), Twitch (which plans a move in the second quarter of 2016) and Amazon (which is dropping Flash from advertising). YouTube switched to a HTML5 based player in January 2015.
Steven Mills of PMC Telecom said: Browsers loading, for example, a flash-based game, are to an extent susceptible to malware attacks. Remember pretty much everybody uses Facebook – unfortunately not everybody has reasonable security in place on their Laptops/PCs. Switching to HTML5 from flash completely rules out one type of threat to Facebook users.”
Users should still be wary of fake Facebook sites that offer to serve up a game with a Flash download. “Fake Flash downloads and imitation Facebook pages have been a problem for many years, and they'll be around for many years to come," Chris Boyd, malware intelligence analyst at Malwarebytes warns.
Source: SCMagazine
The company said: "We recently switched to HTML5 from a Flash-based video player for all Facebook web video surfaces, including videos in News Feed, on Pages, and in the Facebook embedded video player."“We are continuing to work together with Adobe to deliver a reliable and secure Flash experience for games on our platform, but have shipped the change for video to all browsers by default,” it added.
Flash has consistently criticized by security experts over the years for vulnerabilities that allow hackers to gain access to users' systems and organizations’ infrastructure via browser-based attacks and zero-day exploits.
HTML5 ditches any plug-in method in favor of using technology within modern browsers to display content; this closes a common attack vector.
Facebook is not the only one to move away from Flash. Among others are Netflix (which is working on an HTML5-based video player), Twitch (which plans a move in the second quarter of 2016) and Amazon (which is dropping Flash from advertising). YouTube switched to a HTML5 based player in January 2015.
Steven Mills of PMC Telecom said: Browsers loading, for example, a flash-based game, are to an extent susceptible to malware attacks. Remember pretty much everybody uses Facebook – unfortunately not everybody has reasonable security in place on their Laptops/PCs. Switching to HTML5 from flash completely rules out one type of threat to Facebook users.”
Users should still be wary of fake Facebook sites that offer to serve up a game with a Flash download. “Fake Flash downloads and imitation Facebook pages have been a problem for many years, and they'll be around for many years to come," Chris Boyd, malware intelligence analyst at Malwarebytes warns.
Source: SCMagazine
Comments
