Google and Mozilla pull the plug on Adobe Flash

Leaked documents have revealed the program has a serious vulnerability that lets hackers take over anyone's computer.

And despite various patches and attempts at fixes, Google and Mozilla have now both pulled support for the plugin on their respective Chrome and Firefox browsers. 

Adobe Flash, also known as Shockwave Flash, is used by websites to show multimedia items such as videos, graphics, games and animations. 

It was once the go-to standard for multimedia, but many sites now use a markup language known as HTML 5 that does a similar job but is more advanced, doesn't require browser plugins and, given the recent hacks, is more secure.

Plugins, in particular, need to be updated regularly and are vulnerable to security flaws if people are using out-of-date versions. 

Such a weakness was recently found in both the software version of Adobe Flash, and its plugin. 

By its nature, the Chrome version of the Flash plugin is more secure than the program but its extra security was still not enough to block hackers completely.  

This flaw was revealed when a cyberattack on government-sponsored group Hacking Team leaked a series of documents.

These documents showed the Italian group using at least three unpatched Flash exploits to reportedly hack into people's accounts and take over their computers.

It appears this organisation allegedly sold tools and services to governments, including oppressive regimes. 

However, once the details of the flaws were made public it left the software open to other hacking groups and cybercriminals that could potentially take advantage of them.

This could involve attackers installing malware on people's computers, stealing personal details, monitoring keystrokes to steal passwords and more.

And it is believed these exploits have been live for at least four years. 

Since the documents were leaked, security researchers have verified three previously unknown attacks, and the most recent, spotted by Trend Micro, has been rated as 'critical.'

Following the leak Adobe released a patch to fix the original vulnerability and this update was released on 8 July.

Earlier today the firm released another updated to Flash Player and said: 'We are proactively pushing the update out to users. We are also working with browser vendors to distribute the updated player.

'Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, is a target of malicious hackers. 

'We are actively working to improve Flash Player security, and as we did in this case, will work to quickly address issues when they are discovered.'

It added that it will partner with browsers to both improve Flash Player security as well as invest in, contribute to and support more modern technologies such as HTML5 and javascript. 

Despite this, both Google and Mozilla have pulled support for the Adobe Flash plugin on Chrome and Firefox.

On Chrome, users will see an error message when they visit sites running Flash prompting them to upgrade the plugin, or it will let them 'Run this time.' 

This enables the plugin for that specific video or graphic. 

But when they try to update it, as per Google's official instructions, the component fails to update.

Google has not released an official statement. 

On Firefox, updating the vulnerable Shockwave Flash plugin takes users to a blocked plugin page. 

It explains: 'Flash Player Plugin between 11.0 and 11.7.700.169 has been blocked for your protection.

'Old versions of the Flash Player plugin are potentially insecure and unstable. All users are strongly recommended to update on our plugin check page.'

It warns that all users who have these versions are affected and Mozilla is automatically disabling the plugin. 

Adobe has not yet responded to MailOnline's request for comment.  

Security researchers are advising people that 'due to the serious nature of this vulnerability and the likely risk of its use in cyberattacks in the coming days, we recommend users disable Adobe Flash Player in their browsers until the issue is patched.'

Others are suggesting removing Adobe Flash completely. 

Be aware, though, that removing or disabling Flash will have a knock-on effect on websites and users may find they can't use certain features on such sites without it. 

Apple has not supported Flash on its iOS software since 2010. 

In April that year, the late co-founder Steve Jobs published an open letter called Thoughts on Flash in which he said Flash caused poor performance, impacted battery life and had 'abysmal security'. 

Last week, Facebook's chief security officer Alex Stamon tweeted: 'It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.'

(dailymail.co.uk)