Hello,

This week Adobe issued a patch for its Flash Player browser plug-in containing thirty six security updates. Flash Player is a web browser plug-in that enables video, games, interactives (like Scratch) and ads on web pages. It has been riddled with security issues for years, with many web developers preferring newer standards such as HTML5.

One of these was for a critical vulnerability, which allowed hackers to crash a victim's computer or take full control of it. If you haven't updated your Adobe Flash player, or don't have it set to automatic updates, I highly recommend that you do. Even Google recently moved YouTube over to HTML5 proving that there was a problem with it. Speaking of Google, Scratch 3.0 will be designed to run well on mobile devices and all modern browsers, and it will be based on HTML5 (moving away from Flash)

Or, if you want to be really safe, stop using Scratch, until Scratch 3.0 comes out. Numerous security experts agree that it is time for Flash to be phased out, including Facebook's chief information officer, Alex Stamos and the late Steve Jobs.

Techno-CAT

I have to fully agree with you. One of the main reasons I don't use Scratch as much is because of it being Adobe. In fact, it's used so much but has such bad security Apple had to go out of their way to make the “Safari Flash Saver Plug-in”. It's atrocious and should've been thought through better. I honestly think it's time for the ST to get their move on with HTML5. Adobe Flash is vanishing off the internet and in less than 2 years will be a restricted software, or at least, forgotten.

So, support for change.

Support if hackers can crash or control computers with Flash 21.0 Player (release 0). Moving it over to HTML5 will be hard for the Scratch Team, but hackers will crash computers with malware but anti-virus programs can clean out the malware, right? But I am thinking kind of semi-support too, as I am using Scratch so much, but hackers didn't crash or control my computer, so I think it is kind of safe. However with all the points you made at that hacking part, I am going to support. Adobe may have bad security but I used Flash Adobe Player 21.0 (release 0) and I'm still not hacked! I think Scratch should be moved to run on HTML5, but then how will Flash users use Scratch? I saw the exact same topic in the Bugs And Glitches sub-forum. Moving Scratch to HTML5 may be hard for the Scratch Team, but it will stop hackers, so support. However, as I said earlier, how will Flash users use Scratch?
I won't support if I have to stop using Scratch because I want to read my messages and create projects, and be active on the forums. But numerous security experts agree Flash to be phased out? I think they should just fix it instead.

bump

So what's the suggestion here?
I suggest to add to Scratch; to not use Scratch! Hmm….

Sigton

Sigton wrote:

So what's the suggestion here?
I suggest to add to Scratch; to not use Scratch! Hmm….

Sigton

I believe the suggestion is to hurry up on 3.0!
Note: That is not supposed to be a factorial.

Macie1234 wrote:

I believe the suggestion is to hurry up on 3.0!
Note: That is not supposed to be a factorial.

So, I guess this is already in progress then…

Sigton

Techno-CAT wrote:

Hello,

This week Adobe issued a patch for its Flash Player browser plug-in containing thirty six security updates. Flash Player is a web browser plug-in that enables video, games, interactives (like Scratch) and ads on web pages. It has been riddled with security issues for years, with many web developers preferring newer standards such as HTML5.

One of these was for a critical vulnerability, which allowed hackers to crash a victim's computer or take full control of it. If you haven't updated your Adobe Flash player, or don't have it set to automatic updates, I highly recommend that you do. Even Google recently moved YouTube over to HTML5 proving that there was a problem with it. Speaking of Google, Scratch 3.0 will be designed to run well on mobile devices and all modern browsers, and it will be based on HTML5 (moving away from Flash)

Or, if you want to be really safe, stop using Scratch, until Scratch 3.0 comes out. Numerous security experts agree that it is time for Flash to be phased out, including Facebook's chief information officer, Alex Stamos and the late Steve Jobs.

Techno-CAT

But that's only if you are linked to a certain SWF, I believe. The Scratch main SWF doesn't contain any hacking code.

Good thing, I've installed a new update of Adobe Flash Player yesterday.

What do you mean :O How do I fix it?

Yeah, scratch shouldn't use Flash.

Techno-CAT wrote:

Scratch 3.0 will be designed to run well on mobile devices and all modern browsers, and it will be based on HTML5 (moving away from Flash)

Yes, so what's the suggestion?

How would Scratch cause you to be “hacked”?

Unless a hacker somehow got the actual Scratch code to do something malicious, it's perfectly safe to use it. It's just as likely for somebody to inject a virus into JavaScript as Flash, as both are pretty difficult to do (depending on how well a website is written )

Now, I guess it could be that Scratch requires Flash which you might not otherwise use, and thus if you do go to some website that requires Flash to execute malicious code and you only have Flash because of Scratch then it was indirectly Scratch's fault, but that's kind of silly…

I have Linux, where Flash isn't even supported anymore

This type of fearmongering really disgusts me. There's no reason to get people all afraid.

__init__ wrote:

I have Linux, where Flash isn't even supported anymore

Same.. Flash sucks.. Have to use chrome because it has it packaged.

Thanks for the heads up! We made a forum post to encourage folks to update their Flash Player. https://scratch.mit.edu/discuss/topic/205440/

Thanks again!

*edit

I'll go ahead and close this topic. Feel free to post any questions / concerns in the Announcement post we made :]