Flash is really dead


I know I sound like captain obvious here. I am also sure that 99.9999998% of you reading this blog would never humor the thought of running flash on a PowerPC Mac OS. However I just saw something very serious on the TenFourFox Development blog. Cameron Kaiser wrote about a full blown flash exploit. This vulnerability is as serious as they come. You can read more about it at the link above.

You may see or know people who choose to roll the dice and run flash on a PowerPC Mac OS in 2014. Some even go to lengths as far as tricking websites into thinking they have a later version than what they do, while in reality they have the same old insecure version under the hood. I've heard some arguments for it. "Most of the bad stuff on the web is written for Intel macs, it won't run on my PowerPC." "The chances of me getting hit are so astronomically low." The first claim is simply not true when it comes to this new exploit as it will run on a PowerPC mac. The second argument is simply a gamble. We here at PowerPC Liberation will not gamble with security or advise people to do so, no matter how "good" the odds are.

The good news is that there are plenty of flash alternatives at our disposal. We just need to adapt and implement them. Dan at PPC Luddite has a whole section of his blog dedicated to flash alternatives. When you start up TenFourFox, its start page also gives you links to QuickTime enabler and MacTubes enabler.

We have plenty of good options to get around using flash on our Power Macs. I know you already knew this, but just in case you didn't, it is time to put flash to rest on Power Macs, end of story.

7 comments:

  1. I saw that article on TenFourFox, too. It is definitely time to stop using Flash on PowerPC as updates are wildly out of date.

    Do you have any experience using GNU Gnash in Debian Linux?

    ReplyDelete
    Replies
    1. Sorry for the late reply. Unfortunately I do not have any personal experience with gnash. It looks like something that would fun to tinker with though.

      I saw you over at PPC Luddite, it looks like you got some decent results out of it.

      Delete
  2. It's not (technically) a binary exploit -- it creates SWFs that are malicious that the PowerPC Flash VM will run. So, while the attack is universal, it's not in the sense of a universal binary. That's an academic point though, because it will run and succeed on a Power Mac.

    ReplyDelete
    Replies
    1. Thank you for correcting me, I have modified the post accordingly.

      Delete
  3. Earlier today I referred to the exploit as an universal binary exploit. The anonymous reader above has provided the correct information.

    The standard at PowerPC Liberation is to provide you, the readers, with accurate information. My original post was not up to that standard. I apologize for the error and any confusion my error may have caused. I will be more discerning and careful from now on.

    ReplyDelete
    Replies
    1. One of the main things that makes someone an adult is being able to admit when you make a mistake. I really like the way you handled that; it tells me I chose the right person.

      The even better part is that you say you'll try harder, which is really the only way to deal with a mistake. Again, well done.

      Things here in France are incredible to say the least. I hope all is well with you, Mark. I'm just an email away if you need me.

      Delete
    2. Thank you for the kind words and for bringing me on as a contributor. I know I have said it before but I am glad to be here.

      I have been doing well. I am currently plotting the quicksilver cooling project and looking forward to kicking it off.

      It is good to hear that you are enjoying France. I will not hesitate to email you if I need a hand.

      Delete