Flash Player once had a large user base, and was a common format for web games, animations, and graphical user interface (GUI) elements embedded in web pages. Adobe stated in 2013 that more than 400 million out of over 1 billion connected desktops updated to new versions of Flash Player within six weeks of release. However, Flash Player became increasingly criticized for its performance, consumption of battery on mobile devices, the number of security vulnerabilities that had been discovered in the software, and its closed platform nature. Apple co-founder Steve Jobs was highly critical of Flash Player, having published an open letter detailing Apple's reasoning for not supporting Flash on its iOS device family. Its usage also waned because of modern web standards that allow some of Flash's use cases to be fulfilled without third-party plugins. This led to the eventual deprecation of the platform by Adobe. Flash Player was officially discontinued on 31 December 2020, and its download page was removed two days later. Since 12 January 2021, Flash Player (original global variants) versions newer than 18.104.22.1681, released in May 2020, refuse to play Flash content and instead display a static warning message. The software remains supported in mainland China and in some enterprise variants.
Adobe Flash Player is a runtime that executes and displays content from a provided SWF file, although it has no in-built features to modify the SWF file at runtime. It can execute software written in the ActionScript programming language which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound, and video. The player can also access certain connected hardware devices, including the web cameras and microphones, after permission for the same has been granted by the user.
Flash Player was used internally by the Adobe Integrated Runtime (AIR), to provide a cross-platform runtime environment for desktop applications and mobile applications. AIR supports installable applications on Windows, Linux, macOS, and some mobile operating systems such as iOS and Android. Flash applications must specifically be built for the AIR runtime to use additional features provided, such as file system integration, native client extensions, native window/screen integration, taskbar/dock integration, and hardware integration with connected Accelerometer and GPS devices.
Flash Player included native support for many data formats, some of which can only be accessed through the ActionScript scripting interface.
XML: Flash Player has included native support for XML parsing and generation since version 8. XML data is held in memory as an XML Document Object Model, and can be manipulated using ActionScript. ActionScript 3 also supports ECMAScript for XML (E4X), which allows XML data to be manipulated more easily.
AMF: Flash Player allows application data to be stored on users computers, in the form of Local Shared Objects, the Flash equivalent to browser cookies. Flash Player can also natively read and write files in the Action Message Format, the default data format for Local Shared Objects. Since the AMF format specification is published, data can be transferred to and from Flash applications using AMF datasets instead of JSON or XML, reducing the need for parsing and validating such data.
SWF: The specification for the SWF file format was published by Adobe, enabling the development of the SWX Format project, which used the SWF file format and AMF as a means for Flash applications to exchange data with server side applications. The SWX system stores data as standard SWF bytecode which is automatically interpreted by Flash Player. Another open-source project, SWXml allows Flash applications to load XML files as native ActionScript objects without any client-side XML parsing, by converting XML files to SWF/AMF on the server.
Flash Player is primarily a graphics and multimedia platform, and has supported raster graphics and vector graphics since its earliest version. It supports the following different multimedia formats which it can natively decode and play back.
MP3: Support for decoding and playback of streamingMPEG-2 Audio Layer III (MP3) audio was introduced in Flash Player 4. MP3 files can be accessed and played back from a server via HTTP, or embedded inside an SWF file, which is also a streaming format.
PNG: Support for decoding and rendering Portable Network Graphics (PNG) images, in both its 24-bit (opaque) and 32-bit (semi-transparent) variants. Flash Player 11 can also encode a PNG bitmap via ActionScript.
JPEG: Support for decoding and rendering compressed JPEG images. Flash Player 10 added support for the JPEG-XR advanced image compression standard developed by Microsoft Corporation, which results in better compression and quality than JPEG. JPEG-XR enables lossy and lossless compression with or without alpha channel transparency. Flash Player 11 can also encode a JPEG or JPEG-XR bitmap via ActionScript.
GIF: Support for decoding and rendering compressed Graphics Interchange Format (GIF) images, in its single-frame variants only. Loading a multi-frame GIF will display only the first image frame.
TCP: Support for Transmission Control Protocol (TCP) Internet socket communication to communicate with any type of server, using stream sockets. Sockets can be used only via ActionScript, and can transfer plain text, XML, or binary data (ActionScript 3.0 and later). To prevent security issues, web servers that permit Flash content to communicate with them using sockets must host an XML-based cross domain policy file, served on Port 843. Sockets enable AS3 programs to interface with any kind of server software, such as MySQL.
Until version 10 of the Flash player, there was no support for GPU acceleration. Version 10 added a limited form of support for shaders on materials in the form of the Pixel Bender API, but still did not have GPU-accelerated 3D vertex processing. A significant change came in version 11, which added a new low-level API called Stage3D (initially codenamed Molehill), which provides full GPU acceleration, similar to WebGL. (The partial support for GPU acceleration in Pixel Bender was completely removed in Flash 11.8, resulting in the disruption of some projects like MIT's Scratch, which lacked the manpower to recode their applications quickly enough.)
Current versions of Flash Player are optimized to use hardware acceleration for video playback and 3D graphics rendering on many devices, including desktop computers. Performance is similar to HTML5 video playback. Also, Flash Player has been used on multiple mobile devices as a primary user interface renderer.
Although code written in ActionScript 3 executes up to 10 times faster than the prior ActionScript 2, the Adobe ActionScript 3 compiler is a non-optimizing compiler, and produces inefficient bytecode in the resulting SWF, when compared to toolkits such as CrossBridge.
CrossBridge, a toolkit that targets C++ code to run within the Flash Player, uses the LLVM compiler to produce bytecode that runs up to 10 times faster than code the ActionScript 3 compiler produces, only because the LLVM compiler uses more aggressive optimization.
Adobe has released ActionScript Compiler 2 (ASC2) in Flex 4.7 and onwards, which improves compilation times and optimizes the generated bytecode and supports method inlining, improving its performance at runtime.
As of 2012, the Haxe multiplatform language can build programs for Flash Player that perform faster than the same application built with the Adobe Flex SDK compiler.[unreliable source?]
Flash Player applications and games can be built in two significantly different methods:
"Flex" applications: The Adobe Flex Framework is an integrated collection of stylable Graphical User Interface, data manipulation and networking components, and applications built upon it are termed "Flex" applications. Startup time is reduced since the Flex framework must be downloaded before the application begins, and weighs in at approximately 500KB. Editors include Adobe Flash Builder and FlashDevelop.
"Pure ActionScript" applications: Applications built without the Flex framework allow greater flexibility and performance. Video games built for Flash Player are typically pure-Actionscript projects. Various open-source component frameworks are available for pure ActionScript projects, such as MadComponents, that provide UI Components at significantly smaller SWF file sizes.
In both methods, developers can access the full Flash Player set of functions, including text, vector graphics, bitmap graphics, video, audio, camera, microphone, and others. AIR also includes added features such as file system integration, native extensions, native desktop integration, and hardware integration with connected devices.
Adobe provides five ways of developing applications for Flash Player:
Adobe also developed the CrossBridge toolkit which cross-compilesC/C++ code to run within the Flash Player, using LLVM and GCC as compiler backends, and high-performance memory-accessopcodes in the Flash Player (termed "Domain Memory") to work with in-memory data quickly. CrossBridge is targeted toward the game development industry, and includes tools for building, testing, and debugging C/C++ projects in Flash Player.
The "projector" version is a standalone player that can open SWF files directly.
On February 22, 2012, Adobe announced that it would no longer release new versions of NPAPI Flash plugins for Linux, although Flash Player 11.2 would continue to receive security updates. In August 2016 Adobe announced that, beginning with version 24, it will resume offering of Flash Player for Linux for other browsers.
The Extended Support Release (ESR) of Flash Player on macOS and Windows was a version of Flash Player kept up to date with security updates, but none of the new features or bug fixes available in later versions. In August 2016, Adobe discontinued the ESR branch and instead focused solely on the standard release.
In 2011, Flash Player had emerged as the de facto standard for online video publishing on the desktop, with adaptive bitrate video streaming, DRM, and fullscreen support. On mobile devices, however, after Apple refused to allow the Flash Player within the inbuilt iOS web browser, Adobe changed strategy, enabling Flash content to be delivered as native mobile applications using the Adobe Integrated Runtime.
Up until 2012, Flash Player 11 was available for the Android (ARM Cortex-A8 and above), although in June 2012, Google announced that Android 4.1 (codenamed Jelly Bean) would not support Flash by default. In August 2012, Adobe stopped updating Flash for Android.
Adobe said it will optimize Flash for use on ARM architecture (ARMv7 and ARMv6 architectures used in the Cortex-A series of processors and in the ARM11 family) and release it in the second half of 2009. The company also stated it wants to enable Flash on NVIDIA Tegra, Texas Instruments OMAP 3, and Samsung ARMs. Beginning 2009, it was announced that Adobe would be bringing Flash to TV sets via Intel Media Processor CE 3100 before mid-2009.ARM Holdings later said it welcomes the move of Flash, because "it will transform mobile applications and it removes the claim that the desktop controls the Internet." However, as of May 2009, the expected ARM/Linux netbook devices had poor support for Web video and fragmented software base.
Adobe announced on July 25, 2017, that it would end support for the normal/global variant of Flash Player on January 1, 2021, and encouraged developers to use HTML5 standards in place of Flash. The announcement was coordinated with Apple,Facebook,Google,Microsoft, and Mozilla. Adobe announced that all major web browsers planned to officially remove the Adobe Flash Player component on December 31, 2020, and Microsoft removed it from the Windows OS in January 2021 via Windows Update. In a move to further reduce the number of Flash Player installations, Adobe added a "time bomb" to Flash to disable existing installations after January 12, 2021. In mid-2020, Flash Player started prompting users to uninstall itself. Adobe removed all existing download links for Flash installers. After January 26, 2021, all major web browsers including Apple Safari, Google Chrome, Microsoft Edge, and Mozilla Firefox have already permanently removed Flash support. However, Flash content continues to be accessible on the web through emulators such as Ruffle, with varying degrees of compatibility and performance, although this is not endorsed by Adobe.
Starting from Chrome 76, Flash is disabled by default without any prompts to activate Flash content. Users who wanted to play Flash content had to manually set a browser to prompt for Flash content, and then during each browser session enable Flash plugin for every site individually. Microsoft Edge, which is based on Chromium, followed the same plan as Google Chrome.
Google Chrome blocked the Flash plugin as "out of date" in January 2021, and fully removed it from the browser with Chrome version 88, released on January 20, 2021.
Starting with Firefox 85, Flash is disabled by default without any prompts to activate Flash content. To play Flash content, users had to manually set a browser to prompt for Flash content, and then during each browser session enable Flash plugin for every site individually. Firefox 85, released on January 26, 2021, completely removed support for the Flash plugin.Firefox ESR dropped support on November 2, 2021 (Firefox 78 ESR was the last version with support).
On October 27, 2020, Microsoft released an update (named KB4577586) for Windows 10 and 8.1 which removes the embedded Adobe Flash Player component from IE11 and Edge Legacy. In July 2021, this update was automatically installed as a security patch. However, an ActiveX Flash Player plugin may still be used with IE after this update is applied.
Despite the years of notice, several websites still were using Flash following December 31, 2020, including the U.S. Securities and Exchange Commission. Many of these were resolved in the weeks after the deadline. However, many educational institutions still relied on Flash for educational material and did not have a path forward for replacement.
The China-specific variant of Flash will be supported beyond 2020, by a company known as Zhongcheng. The Projector (standalone) versions of this variant also work outside of China and do not include the "Flash Helper Service"; however, some tracking code still seems to be present. They are available on a somewhat hidden "Debug" page. In addition, as the global variant of the plugin was discontinued, some users have figured how to modify and repack the China-specific variant to bring it more in line with the global variant. This includes removing the "Flash Helper Service" and removing the China only installation restriction, along with all other geo-restrictions and tracking code. A "time bomb", similar to the one found in later versions of the global variant, is also present in the unmodified China variant; this is also removed in most repacks. In theory, these repacks should provide users outside of China with the latest security updates to Flash Player, without having to deal with invasive advertisements or worry about privacy risks. One such project, "Clean Flash Installer", was served a DMCA takedown from Adobe in October 2021.
Adobe has partnered with Harman to support enterprise Flash Player users until at least 2023. The Harman Flash player variant is labeled as version 50.x, to avoid confusion with other variants.
Shortly after Flash EOL, South African Revenue Service (SARS) released a custom version of Chromium browser with the Adobe Flash Player "time bomb" removed. This browser can access only a small set of SARS online pages containing Flash-based forms required for filing financial reports.
Adobe Flash Player Projector
Although no longer available directly from Adobe, all versions of Adobe Flash Player Projector (also known as Adobe Flash Player Standalone) lack the "time bomb" present in the newer plug-in variants, and thus continue to be able to play all supported Flash file formats, including SWF files, without modification.
The Internet Archive hosts some Flash content and makes it playable in modern browsers via emulators Ruffle and Emularity. Other emulators, such as CheerpX, also exist as options for Flash Player emulation on other websites. BlueMaxima's Flashpoint project claims to have collected more than 38,000 Adobe Flash Player games and animations and made them available for download.
In some browsers, prior Flash versions have had to be uninstalled before an updated version could be installed. However, as of version 11.2 for Windows, there are now automatic updater options. Linux is partially supported, as Adobe is cooperating with Google to implement it via Chrome web browser on all Linux platforms.
Mixing Flash applications with HTML leads to inconsistent input handling leading to poor user experience with the site (keyboard and mouse not working as they would in an HTML-only document).
Flash Player supports persistent local storage of data (also referred to as Local Shared Objects), which can be used similarly to HTTP cookies or Web Storage in web applications. Local storage in Flash Player allows websites to store non-executable data on a user's computer, such as authentication information, game high scores or web browser games, server-based session identifiers, site preferences, saved work, or temporary files. Flash Player will only allow content originating from exactly the same website domain to access data saved in local storage.
Because local storage can be used to save information on a computer that is later retrieved by the same site, a site can use it to gather user statistics, similar to how HTTP cookies and Web Storage can be used. With such technologies, the possibility of building a profile based on user statistics is considered by some a potential privacy concern. Users can disable or restrict use of local storage in Flash Player through a "Settings Manager" page. These settings can be accessed from the Adobe website or by right-clicking on Flash-based content and selecting "Global Settings".
Local storage can be disabled entirely or on a site-by-site basis. Disabling local storage will block any content from saving local user information using Flash Player, but this may disable or reduce the functionality of some websites, such as saved preferences or high scores and saved progress in games.
Flash Player 10.1 and upward honor the privacy mode settings in the latest versions of the Chrome, Firefox, Internet Explorer, and Safari web browsers, such that no local storage data is saved when the browser's privacy mode is in use.
Adobe security bulletins and advisories announce security updates, but Adobe Flash Player release notes do not disclose the security issues addressed when a release closes security holes, making it difficult to evaluate the urgency of a particular update. A version test page allows the user to check if the latest version is installed, and uninstallers may be used to ensure that old-version plugins have been uninstalled from all installed browsers.
In February 2010, Adobe officially apologized for not fixing a known vulnerability for over a year. In June 2010 Adobe announced a "critical vulnerability" in recent versions, saying there are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. Later, in October 2010, Adobe announced another critical vulnerability, this time also affecting Android-based mobile devices. Android users have been recommended to disable Flash or make it only on demand. Subsequent security vulnerabilities also exposed Android users, such as the two critical vulnerabilities published in February 2013 or the four critical vulnerabilities published in March 2013, all of which could lead to arbitrary code execution.
Symantec's Internet Security Threat Report states that a remote code execution in Adobe Reader and Flash Player was the second most attacked vulnerability in 2009. The same report also recommended using browser extensions to disable Flash Player usage on untrusted websites. McAfee predicted that Adobe software, especially Reader and Flash, would be primary target for attacks in 2010. Adobe applications had become, at least at some point, the most popular client-software targets for attackers during the last quarter of 2009. The Kaspersky Security Network published statistics for the third quarter of 2012 showing that 47.5% of its users were affected by one or more critical vulnerabilities. The report also highlighted that "Flash Player vulnerabilities enable cybercriminals to bypass security systems integrated into the application."
Steve Jobs criticized the security of Flash Player, noting that "Symantec recently highlighted Flash for having one of the worst security records in 2009". Adobe responded by pointing out that "the Symantec Global Internet Threat Report for 2009, found that Flash Player had the second lowest number of vulnerabilities of all Internet technologies listed (which included both web plug-ins and browsers)."
Flash Player 11.2 does not play certain kinds of content unless it has been digitally signed by Adobe, following a license obtained by the publisher directly from Adobe.
This move by Adobe, together with the abandonment of Flex to Apache was criticized as a way to lock out independent tool developers, in favor of Adobe's commercial tools.
This has been resolved as of January 2013, after Adobe no longer requires a license or royalty from the developer. All premium features are now classified as general availability, and can be freely used by Flash applications.
In April 2010, Steve Jobs, at the time CEO of Apple Inc. published an open letter explaining why Apple would not support Flash on the iPhone, iPod Touch, and iPad. In the letter he blamed problems with the "openness", stability, security, performance, and touchscreen integration of the Flash Player as reasons for refusing to support it. He also claimed that when one of Apple's Macintosh computers crashes, "more often than not" the cause can be attributed to Flash, and described Flash as "buggy". Adobe's CEO Shantanu Narayen responded by saying, "If Flash [is] the number one reason that Macs crash, which I'm not aware of, it has as much to do with the Apple operating system."
Steve Jobs also claimed that a large percentage of the video on the Internet is supported on iOS, since many popular video sharing websites such as YouTube have published video content in an HTML5 compatible format, enabling videos to playback in mobile web browsers even without Flash Player.
Mainland China–specific variant
Starting with version 30, Adobe stopped distributing Flash Player directly to users from mainland China. Instead, they selected 2144.cn as a partner and released a special variant of Flash Player on a specific website, which contains a non-closable process, known as the "Flash Helper Service", that collects private information and pops up advertisement window contents, by receiving and running encrypted programs from a remote server. The partnership started in about 2017, but in version 30, Adobe disabled the usage of vanilla (global) variant of Flash Player in mainland China, forcing users to use that specific variant, which may pose a risk to its users due to Internet censorship by Chinese Communist Party (CCP). This only affected Chinese Chromium based browser users, Firefox users, and Internet Explorer users using Windows 7 and below, as Microsoft still directly distributed Flash Player for Internet Explorer and Microsoft Edge through Windows Update in Windows 8 and upward at the time. Starting in 2021, however, this variant is the only publicly supported version of Flash Player.
Brought improvements to animation, playback, digital art, and publishing, as well as the introduction of simple script commands for interactivity
Macromedia Flash Player 4 (June 15, 1999)
Saw the introduction of streaming MP3s and the Motion Tween. Initially, the Flash Player plug-in was not bundled with popular web browsers and users had to visit Macromedia website to download it. As of 2000, however, the Flash Player was already being distributed with all AOL, Netscape and Internet Explorer browsers. Two years later it shipped with all releases of Windows XP. The install-base of the Flash Player reached 92 percent of all Internet users.
Macromedia Flash Player 5 (August 24, 2000)
A major advance in ability, with the evolution of Flash's scripting abilities as released as ActionScript
Saw the ability to customize the authoring environment's interface
Macromedia Generator was the first initiative from Macromedia to separate design from content in Flash files. Generator 2.0 was released in April 2001, and featured real-time server-side generation of Flash content in its Enterprise Edition. Generator was discontinued in 2002, in favor of new technologies such as Flash Remoting, which allows for seamless transmission of data between the server and the client, and ColdFusion Server.
In October 2000, usability guru Jakob Nielsen wrote a polemic article regarding usability of Flash content entitled "Flash: 99% Bad". (Macromedia later hired Nielsen to help them improve Flash usability.)
Supports progressive audio and video streaming (HTTP)
Supports ActionScript 2.0, an object-oriented programming language for developers
Ability to create charts, graphs and additional text effects with the new support for extensions (sold separately), high fidelity import of PDF and Adobe Illustrator 10 files, mobile and device development and a forms-based development environment. ActionScript 2.0 was also introduced, giving developers a formal object-oriented approach to ActionScript. V2 Components replaced Flash MX's components, being rewritten from the ground up to take advantage of ActionScript 2.0 and object-oriented principles.
In 2004, the "Flash Platform" was introduced. This expanded Flash to more than the Flash authoring tool. Flex 1.0 and Breeze 1.0 were released, both of which used the Flash Player as a delivery method but relied on tools other than the Flash authoring program to create Flash applications and presentations. Flash Lite 1.1 was also released, enabling mobile phones to play Flash content.
Last version for Windows 95/NT4 and Mac Classic
^Symantec Global Internet Threat Report for 2009Archived August 4, 2010, at the Wayback Machine, page 40, "In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9). ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe Reader had 49 vulnerabilities, QuickTime had 27 vulnerabilities, and Adobe Flash Player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox."