Everything You Need to Know About The “Rosetta” Flash Exploit

Everyone who’s tech-savvy already knows that Flash isn’t exactly the safest piece of software to use. It’s written in stone: Avoid opening non-trustworthy pages with Flash. While the vast majority of the public is not aware of this, what is perhaps even worse is that they’re not aware that Flash has an exploit that can really ruin their day. This is why you’re about to find out what this new exploit, known informally as the “Rosetta” exploit, is and what you can do about it. 

For those of you who don’t understand what Flash is, it’s the software you sometimes use to view animated content online. Websites like YouTube operated largely on Flash until recently. In case you’re curious, it’s developed and maintained by Adobe after an acquisition from Macromedia.

rosettaflash-exploit

An engineer at Google discovered something awry in Flash’s software. It was basically a security hole that allowed anyone who exploited it to gain access to things like cookies and any other additional data that the browser provides in a request. The engineer, Michele Spagnuolo, developed a tool called “Rosetta Flash” that showed how malicious SWF (Flash content) files can be used to do the things he claimed could happen. For years, the exploit has been out in the open and no one bothered to fix it until now. That fact alone should make you a bit wary of using Flash in the first place.

Luckily for you, Adobe has come up with a fix and it’s already available. The best way to protect yourself at this moment is to update Flash. It’s that simple.  Of course, you should also keep your browser up to date!

If you’re using Chrome, Flash will automatically update if you update your browser. The same goes for Internet Explorer versions 10 and 11.

However, if you’re using Firefox, you will need to manually update Flash using the link I provided above. In case you’re curious, the latest version number is 14.0.0.145.

Flash is a very flimsy piece of work. Considering that it took years for someone to finally plug this security hole, you should definitely avoid having to use it at all costs. My advice would be to stop using Flash entirely.

Don’t panic! There’s a little thing called hypertext markup language (HTML). For several years, it’s been the language that people used to display whatever you see in websites. Until recently, the only thing it did was allow you to create static content. Without helpers like Flash and other media languages and software, you’d just see websites as they were in the 90s.

rosettaflash-html5

This is not the case anymore, though. HTML5, the latest revision of HTML, allows for dynamic multimedia content to be implemented into web pages directly without needing extra layers of software running on top of it. This means you can see videos directly without having to use Flash. Most of the largest websites already support this, so you don’t need to do anything. Just stop using Flash!

All you need to use HTML5 is the latest version of either Chrome, Firefox, Internet Explorer, Opera, or Safari. Using this link, you can see how compatible each one is with the new language. Oh, and don’t worry about your smartphone or tablet. They already support this as long as you’re using one of the mainstream browsers.

The important thing is to leave Flash behind and learn to live without it. Its outdated technology and security risks it presents make it more of a hassle to have around. It’s time for Flash to retire!

To disable flash, follow the proper procedure for your browser:

  • Firefox – Navigate to Firefox -> Addons -> Plugins -> Shockwave Flash. Click on “Disable”. You can enable it when it’s absolutely necessary again by repeating these steps.
  • Google Chrome – Type “chrome:plugins” in the address bar. Find “Adobe Flash Player” and click “Disable”. Again, enable only when necessary.
  • Internet Explorer – Follow this guide.

While most prominent multimedia websites already support HTML5, it’s not always going to be a Flash-free world out there. In the event that Flash is absolutely crucial for you to view content, ensure that the website you’re visiting is trustworthy first. If you’ve never used it, assume hostility on first contact. Safer browsing breeds healthier computers!

If you have some questions about the whole Flash debacle, post them in the comments section!