In the next term "Safari 10" Adobe Flash is invalidated from the beginning



Apple is nextMacOSStandard browser adopted by "Safari 10I decided to disable Adobe Flash by default. In the background, the fatal problem called "vulnerability that can suffer zero day attack" held by Flash is obscured and obscured.

Next Steps for Legacy Plug-ins | WebKit
https://webkit.org/blog/6589/next-steps-for-legacy-plug-ins/

In Safari 10, plug-ins such as Adobe Flash and Silverlight which were necessary for interactive contents playback mainly of movies are invalidated by default. For example, on a website that implements both Flash and HTML5, Safari always applies HTML5 to display the content.

If you do not have a plug-in such as Flash installed and you want to display a site that does not have HTML 5 and only Flash, the current Safari will display the plug-in with the indication "Adobe Flash is not installed" A link will be displayed, but Safari 10 says that this type of link will not be displayed. Instead, an option to temporarily activate a plug-in such as Flash is displayed, and if you select temporary use, you can use Flash content without HTML5 environment. In other words, instead of activating Flash in the entire browser, you can choose to activate for each site.

You can use Flash temporarily by choosing "Use Once" in the image below. The expression "To improve security" in the notice is miso.


Flash hasZero-day attackIt may takeVulnerabilityThere is a serious security problem because it is attached to it. For example, the latest version of Flash (21.0.0.242) at article creation is called ScarCruftAPT attackThe risk of being pointed out by the Kaspersky Institute.

Adobe Flash Zero-day used in targeted attacks - Securelist
https://securelist.com/blog/research/75082/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attacks/

Adobe itself knows about this vulnerability, but Adobe announced that "we will release it as soon as June 16, 2016" about this vulnerability modification.

Adobe Security Advisory
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html

The above-mentioned Kaspersky Laboratory was critical of Adobe's slow response, and until the support on June 16, the effectiveness was confirmed for mitigation of attackMicrosoft EMETWe recommend the use of.

Not only Safari 10 but alreadyGoogle also announces Flash stop in browser Chrome, And it is likely that Flash exclusion will be mainstream at last.

It was decided that Flash stop finally became the default initial setting in Chrome and will be played blocked - GIGAZINE

in Software, Posted by darkhorse_log