Facebook Disabled Flash For Video Finally


So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities.

Facebook Disabled Flash For Video Finally

There’s just no good reason for anyone to still be using Flash and browsers, if they don’t block it completely, should at minimum make it click to enable on a site by site basis.

That doesn’t guarantee safety though with Flash vulnerabilities floating around in drive-by malware hiding in Flash based ad units. Just say no to Flash.

Facebook has hammered another nail in to the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site.

The Social NetworkTM explained the move by saying “Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.”

Flash hasn’t been completely banished: Facebook says it is “continuing to work together with Adobe to deliver a reliable and secure Flash experience for games on our platform.”

Facebook’s Daniel Baulig writes that going to HTML5 means the company can “tap into the excellent tooling that exists in browsers, among the open source community, and at Facebook in general. Not having to recompile code and being able to apply changes directly in the browser allow us to move fast.”

“HTML5 made it possible for us to build a player that is fully accessible to screen readers and keyboard input,” Baulig added, going on to explain that the standard will make it easier to develop for people with visual impairments.


Less of the web is becoming reliant on Flash with video being one of the big hold outs, Youtube moved away earlier this year – but most WordPress plugins, private sites players and anyone else playing or streaming video still use Flash based players.

With a big site like Facebook going fully HTML5 for video, it should lead the way and push people in the right direction (hopefully).

But HTML5 is no panacea: Baulig wrote that “we noticed that a lot of the older browsers would simply perform worse using the HTML5 player than they had with the old Flash player.”

“We saw more errors, longer loading times, and a generally worse experience.”

The Social NetworkTM therefore moved to HTML5 for newer browsers some time ago, adding more browsers over time has improved its video player. As of December 19th, however, it’s all HTML5 all the time, no matter the browser with which you venture into The House That Zuck Built.

And The House always wins: Baulig says “People like, comment, and share more on videos after the switch, and users have been reporting fewer bugs. People appear to be spending more time with video because of it.”

As Baulig’s post points out, Facebook operates at unusual scale and therefore has unusual needs. Yet the site’s considerable influence means developers everywhere are likely to be asked to consider this decision before long, not least because YouTube’s also flushed Flash.

It’s one thing I am grateful to Apple for – leading the anti-Flash movement since the very beginning. Can’t blame them really, why implement such an insecure piece of software into your walled garden.

I don’t see the big Facebook games reimplementing in HTML5 any time soon unless Facebook forces their hand, I hope it’s already tabled though and Facebook has given a deadline to totally stop the use of Flash on the platform.

Source: The Register

Posted in: Exploits/Vulnerabilities

, , , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


Comments are closed.