Flash will never return to glory days, Bufferzone CEO says

After being hit by another malware attack yesterday, Adobe issued a batch of 69 patches covering Flash as well as its other products, including Reader and Acrobat.

This is yet another of Adobe's many attempts to save its (in)famous product, which has lately been a punching bag for hackers who keep exposing the plugin's vulnerabilities. However, the frequent patches and quick responses from Adobe don't seem to be helping the plugin much, as both Google Chrome and Mozilla Firefox have blocked it.

Commenting on the latest attack on the barely living Flash, BUFFERZONE CEO Israel Levy explains how it is possible that Flash still has unpatched holes after so many interventions.

"Vulnerabilities are inherent in the many layers of technology that are used to build a modern software application. Adversaries will continue to uncover these vulnerabilities whenever the price is right", Levy told IT Pro Portal via email. "There's a "supply chain" of hackers that uncover vulnerabilities and sell them on the dark net, hackers that create exploit kits, and criminal organizations. And the only way to break is to either:

  • Fix every bug in every application - which is simply not an achievable goal
  • Isolate the Flash session in a virtual container, so that the cost of breaking into the organization is high enough to make the return on investment for the exploit unattractive."

The biggest winner of the assault on Flash is JavaScript, says Levy, adding that even though it’s inferior to Flash, it now has close to 90 per cent penetration.

“The trend in Flash usage is showing a sharp and swift decline, losing over 2.5 per cent market share in the past year. JavaScript is already the king of the castle on the client side with close to 90 per cent penetration and although some areas (such as 3D) may be inferior, overall, it’s a winner.”

Levy doesn’t, however, see the light at the end of the tunnel for Flash. Asked if he can see Flash ever returning to its former glory, his answer is simple: “NO”.

Both in capital letters.