Amazon Drops Flash due to Risks Posed by Flash

Techweekeurope.co.uk reported on 24th August, 2015 stating that Amazon plans to bid adieu to Flash-based advertising in its e-com websites because most extensively used browsers have restricted the technology.

The browser modifications are themselves in response to rising use of security flaws in Flash by attackers to attack users through malicious commercials.

Consequently, users seeing webpages with Flash content frequently meet with browser prompts which could disturb their experience of its websites as told by Amazon.

Slashgear.com published news on 24th August, 2015 quoting the company's notification to advertisers as "This is motivated by recent browser setting updates from Google Chrome and on hand browser settings from Mozilla Firefox and Apple Safari restricting Flash content showed on webpages. This change makes sure that customers can carry on having a positive and reliable experience on Amazon and ensures that advertisements displayed across the website function appropriately for best performance."

The change is scheduled to happen on 1st September. Adobe fixed 34 security flaws in Flash early this month followed by a July update which fixed 36 bugs.

July update was led by an unfixed patch which fixed two previously unidentified issues which were made public when data embezzled from Milan-based surveillance firm Hacking Team was released.

Companies such as Amazon are looking at what happened to Yahoo for a period of one week or so at the end of July and are starting to get serious about the death of Flash. Yahoo was attacked by a wave of malicious advertising for over a week targeting vulnerable older versions of Flash and sending users to sites struck by malware.

Guidelines of Amazon are all focused at preventing most of the malicious advertising which has been distributed by Flash over the years. For example, all ad content must come from the ad publishers server domain and may not call in content from a different domain (to fight spoofing of URL). All domain and URL references must be from named domains and not raw IP addresses where the user cannot tell where they are going. The display URL must actually go to where it says it is going and advertisements must not initiate downloads.

» SPAMfighter News - 9/2/2015