Everything You Need to Know About The “Rosetta” Flash Exploit

Everyone who’s tech-savvy already knows that Flash isn’t exactly the safest piece of software to use. It’s written in stone: Avoid opening non-trustworthy pages with Flash. While the vast majority of the public is not aware of this, what is perhaps even worse is that they’re not aware that Flash has an exploit that can really ruin their day. This is why you’re about to find out what this new exploit, known informally as the “Rosetta” exploit, is and what you can do about it. 

Flash? What’s That?

For those of you who don’t understand what Flash is, it’s the software you sometimes use to view animated content online. Websites like YouTube operated largely on Flash until recently. In case you’re curious, it’s developed and maintained by Adobe after an acquisition from Macromedia.

OK, So What Is The Rosetta Exploit?


An engineer at Google discovered something awry in Flash’s software. It was basically a security hole that allowed anyone who exploited it to gain access to things like cookies and any other additional data that the browser provides in a request. The engineer, Michele Spagnuolo, developed a tool called “Rosetta Flash” that showed how malicious SWF (Flash content) files can be used to do the things he claimed could happen. For years, the exploit has been out in the open and no one bothered to fix it until now. That fact alone should make you a bit wary of using Flash in the first place.

How to Protect Yourself

Luckily for you, Adobe has come up with a fix and it’s already available. The best way to protect yourself at this moment is to update Flash. It’s that simple.  Of course, you should also keep your browser up to date!

If you’re using Chrome, Flash will automatically update if you update your browser. The same goes for Internet Explorer versions 10 and 11.

However, if you’re using Firefox, you will need to manually update Flash using the link I provided above. In case you’re curious, the latest version number is

How to Prevent Any Future Exploits

Flash is a very flimsy piece of work. Considering that it took years for someone to finally plug this security hole, you should definitely avoid having to use it at all costs. My advice would be to stop using Flash entirely.

But How do I Watch Videos Without Flash?

Don’t panic! There’s a little thing called hypertext markup language (HTML). For several years, it’s been the language that people used to display whatever you see in websites. Until recently, the only thing it did was allow you to create static content. Without helpers like Flash and other media languages and software, you’d just see websites as they were in the 90s.


This is not the case anymore, though. HTML5, the latest revision of HTML, allows for dynamic multimedia content to be implemented into web pages directly without needing extra layers of software running on top of it. This means you can see videos directly without having to use Flash. Most of the largest websites already support this, so you don’t need to do anything. Just stop using Flash!

All you need to use HTML5 is the latest version of either Chrome, Firefox, Internet Explorer, Opera, or Safari. Using this link, you can see how compatible each one is with the new language. Oh, and don’t worry about your smartphone or tablet. They already support this as long as you’re using one of the mainstream browsers.

The important thing is to leave Flash behind and learn to live without it. Its outdated technology and security risks it presents make it more of a hassle to have around. It’s time for Flash to retire!

To disable flash, follow the proper procedure for your browser:

  • Firefox – Navigate to Firefox -> Addons -> Plugins -> Shockwave Flash. Click on “Disable”. You can enable it when it’s absolutely necessary again by repeating these steps.
  • Google Chrome – Type “chrome:plugins” in the address bar. Find “Adobe Flash Player” and click “Disable”. Again, enable only when necessary.
  • Internet Explorer – Follow this guide.

Goodbye, Flash! Or Not?

While most prominent multimedia websites already support HTML5, it’s not always going to be a Flash-free world out there. In the event that Flash is absolutely crucial for you to view content, ensure that the website you’re visiting is trustworthy first. If you’ve never used it, assume hostility on first contact. Safer browsing breeds healthier computers!

If you have some questions about the whole Flash debacle, post them in the comments section!

Miguel Leiva-Gomez Miguel Leiva-Gomez

Miguel has been a business growth and technology expert for more than a decade and has written software for even longer. From his little castle in Romania, he presents cold and analytical perspectives to things that affect the tech world.


  1. Since I don’t know of a way to start Flash on my own to do an ABOUT, how can I tell what my current version of Flash is?

    1. The procedure varies depending on your browser.

      For Chrome, type “chrome:plugins” on your browser’s address bar. Find “Adobe Flash Player”. You should have a version in that area.

      In Firefox, it depends on what version you have (they always move the buttons). In the latest version, click the three lines, click “Add ons”, then click “Plugins”. You should find your version under “Shockwave Flash”.

      On Internet Explorer 8 and 9, click “Tools” and then click “Manage Add-ons”. Under “Toolbars and Extensions”, you should see “Shockwave Flash Object” and the version.

  2. You advocate disabling Flash, yet your site and links rely heavily on flash. Interesting. Even more interesting is the fact that 95% of the flash content on your sites and links freeze my browser, disable my sound and requires a complete reboot. Yeah, I’m gonna take your advise,

    1. 0/0 results for SFW on page content. Yes. Disable Flash and view the site the same exact way you saw it yesterday.

    2. My browser is set to “click to play” for flash and I don’t get any “click” prompts on this site.

      1. Mine would say “This page needs Adobe Flash to run”, or something to that extent. Anyway, a multitude of sites are moving to the sleeker and silkier, delicious HTML5 :)

Comments are closed.