Vulnerability Management

Adobe Animate CC safer, but legacy Flash issues to remain

Word spread across the internet faster than malware attacking an unpatched version of Flash: Adobe was killing off its much-maligned Flash Player.

Nothing could be further from the truth, but what Adobe is doing will make those using its new graphic application more secure and require fewer updates, according to several industry watchers.

At the end of November, Adobe announced it was transitioning its Flash Professional CC software to something new called Animate CC. The company said in a blog post that this tool is for developing HTML5 content, which is the direction the industry has shifted, and that it will become available early next year. Adobe will continue to support Flash.

“I think this is a solid move. It is a recognition that video is better served through the browser and from a security perspective will let them [Adobe] trim down the app so there will be fewer vulnerabilities,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro.

By pushing the video playback portion of the tool to the browser, Adobe will be able to eliminate that code from the app, Nunnikhoven said, making it less vulnerable.

However, Adobe's change will not remove the security issues affecting legacy Flash items now available, nor those affecting any new pieces that are created. Animate CC will support Flash creation, too.

“I do expect that some sites and services will quickly replace Flash with HTML5 content, but Flash itself will remain a viable attack vector for as long as popular web browsers continue to support it,” said Craig Young, security researcher with Tripwire, in an email to SCMagazine.com on Friday.

Nunnikhoven agreed, adding that users with the Flash plugin on their computer will still need to ensure it is updated regularly.

“There have been 594 registered vulnerabilities since 2005 with 213 of them coming in 2015 with many rated critical,” he said, adding that the situation grew so dire that at one point this year the company recommended removing the plugin entirely as that was the only way to be safe.

