This story is being featured as part of our “Yahoo Best of 2015” series. It was originally published on July 15, 2015.
Google and Mozilla each announced this week that their Web browsers will be dropping default support for Adobe Flash, citing the plug-in software’s newly discovered vulnerabilities to cyberattacks. These moves came only a few days after Facebook’s chief of security called for Adobe to set an “end of life” date for the oft-exploited 20-year-old platform.
Even if you don’t exactly know what Adobe Flash is, this is important news. Whether you know it or not, odds are pretty high that Adobe Flash is on your computer right now, possibly putting your system and your personal information at risk.
Don’t panic. Take a deep breath and read our Adobe Flash security threat guide. We’ll help you figure out why it might be best to banish Flash from your life, just like Google, Mozilla, and Facebook want you to do. And we’ll tell you how to go about doing exactly that.
So what is Flash, exactly?
Adobe Flash is a software platform that runs video, animation, and games inside of Web pages. Flash was born at the dawn of the Web in 1996 and quickly became the standard for Web video, especially after a little startup called YouTube began using it in 2005. But now it’s largely obsolete, as most Web sites and apps use different technologies for the same purpose.
Why is Flash a problem?
The very thing that made Flash so popular — its ability to run complex scripts from websites you visit — can also be used for malicious purposes.
Computer scripts written in Flash can directly access the memory on your computer, which is just inviting attacks, or “exploits,” says Chase Cunningham, a cyberthreat expert at security company FireHost. “Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself [your PC]. That’s when you run into exploits.”
Flash has long been one of the biggest attack methods of choice for cybercrooks and spying governments, as security vulnerabilities turn up on an almost daily basis. Just this month, Adobe put out security alerts and fixes for 38 vulnerabilities in Flash Player. Last week, it came out that a company called Hacking Team had been using previously unknown flaws in Flash to create spyware that it sold to oppressive governments in countries such as Sudan and Saudi Arabia.
Flash also uses up a lot of computing resources and can bog systems down. “We … know firsthand that Flash is the number one reason Macs crash,” wrote Steve Jobs in an Apple blog post from April 2010.
Do I have Flash on my computer?
You probably do — especially if you are using a Windows PC, rely on an older browser, or were prompted by a Web site to install it.
In October 2010, Apple announced that it would no longer install Flash Player on its computers — including its Safari Web browser — although users could install it on their own if they wanted to.
The latest version of Mozilla Firefox launched with a block for Flash Player (though after an update Tuesday by Adobe, Mozilla has re-enabled use of the plugin in its browser). Google’s Chrome browser comes with Flash, but it is disabled by default.
However, you may have installed or enabled Flash Player if a website prompted you to. “I would say probably 97 to 98 percent of systems out there have some version of Flash running on them,” said Cunningham.
You can visit this page on Adobe’s website to see if the computer you’re using has Flash installed.
What about my phone?
Chances are good that Flash is not on your smartphone or tablet.
Apple completely banned Flash from its mobile devices running the iOS operating system, such as the iPhone, iPad, and Apple Watch. Apple’s rejection of Flash helped spur Web and software developers to use other technologies for delivering video or animating games.
Google’s Android mobile software briefly supported Flash, but it was generally choppy and used up more battery than other formats. In 2012, Adobe dropped support for Android, and Flash has been absent since Android 4.1 (Jelly Bean), which came out that same year. (Adobe also dropped support for BlackBerry and Windows Phone.) If you have an iPhone, or any other smartphone bought in the past couple of years, you don’t have Flash.
Don’t I need it on my computer?
Generally not. Most websites have switched over to another video format, called HTML 5. It’s the default on both YouTube and Vimeo, for example. So unless you know you need Flash for a specific site, it’s best to uninstall it or block it.
How do I get rid of this nasty thing?
For Internet Explorer, follow Microsoft’s instructions for how to turn off or remove add-ons.
For Chrome, see Google’s instructions specifically for disabling Flash Player.
If you have Safari on a Mac, follow Adobe’s own instructions for removing it.
Once Flash is gone, will older videos still play on my computer?
If a website requires Flash to display videos or animation, you will need to install Flash to watch it. There’s no way around that.
It’s typical for Flash-based sites to display alerts when they detect that Flash is not installed. If you see this — and you absolutely must view that video — we recommend downloading and installing Flash directly from Adobe.com, as fake installation popups that lead to spyware are an age-old trick employed by untrustworthy websites.
Luckily all the popular Web browsers allow you to temporarily install or enable Flash for only the times you happen to need it. So if you’ve installed Flash to view a website (many U.S government sites use it, for example), it’s probably a good idea to disable it as soon as you are done there.
So that’s everything you need to know about the risks and rewards of the Flash dance. Considering all the above, conventional wisdom dictates that living Flash-free is probably worth trying. After all, if you didn’t know what Adobe Flash was before reading this article, there’s a good chance you won’t miss it once it’s gone.
UPDATE: Adobe has released a new version of Flash that Mozilla Firefox does not block by default.