Adobe Flash Player is a runtime that executes and displays content from a provided SWF file, although it has no in-built features to modify the SWF file at runtime. It can execute software written in the ActionScript programming language which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound and video. The player can also access certain connected hardware devices, including web cameras and microphones, after permission for the same has been granted by the user.
Flash Player is used internally by the Adobe Integrated Runtime (AIR), to provide a cross-platform runtime environment for desktop applications and mobile applications. AIR supports installable applications on Windows, Linux, macOS, and some mobile operating systems such as iOS and Android. Flash applications must specifically be built for the AIR runtime to use additional features provided, such as file system integration, native client extensions, native window/screen integration, taskbar/dock integration, and hardware integration with connected Accelerometer and GPS devices.
Flash Player includes native support for many data formats, some of which can only be accessed through the ActionScript scripting interface.
XML: Flash Player has included native support for XML parsing and generation since version 8. XML data is held in memory as an XML Document Object Model, and can be manipulated using ActionScript. ActionScript 3 also supports ECMAScript for XML (E4X), which allows XML data to be manipulated more easily.
AMF: Flash Player allows application data to be stored on users computers, in the form of Local Shared Objects, the Flash equivalent to browser cookies. Flash Player can also natively read and write files in the Action Message Format, the default data format for Local Shared Objects. Since the AMF format specification is published, data can be transferred to and from Flash applications using AMF datasets instead of JSON or XML, reducing the need for parsing and validating such data.
SWF: The specification for the SWF file format was published by Adobe, enabling the development of the SWX Format project, which used the SWF file format and AMF as a means for Flash applications to exchange data with server side applications. The SWX system stores data as standard SWF bytecode which is automatically interpreted by Flash Player. Another open-source project, SWXml allows Flash applications to load XML files as native ActionScript objects without any client-side XML parsing, by converting XML files to SWF/AMF on the server.
Flash Player is primarily a graphics and multimedia platform, and has supported raster graphics and vector graphics since its earliest version. It supports the following different multimedia formats which it can natively decode and playback.
MP3: Support for decoding and playback of streamingMPEG-2 Audio Layer III (MP3) audio was introduced in Flash Player 4. MP3 files can be accessed and played back from a server via HTTP, or embedded inside an SWF file, which is also a streaming format.
PNG: Support for decoding and rendering Portable Network Graphics (PNG) images, in both its 24-bit (opaque) and 32-bit (semi-transparent) variants. Flash Player 11 can also encode a PNG bitmap via ActionScript.
JPEG: Support for decoding and rendering compressed JPEG images. Flash Player 10 added support for the JPEG-XR advanced image compression standard developed by Microsoft Corporation, which results in better compression and quality than JPEG. JPEG-XR enables lossy and lossless compression with or without alpha channel transparency. Flash Player 11 can also encode a JPEG or JPEG-XR bitmap via ActionScript.
GIF: Support for decoding and rendering compressed Graphics Interchange Format (GIF) images, in its single-frame variants only. Loading a multi-frame GIF will display only the first image frame.
TCP: Support for Transmission Control Protocol (TCP) Internet socket communication to communicate with any type of server, using stream sockets. Sockets can be used only via ActionScript, and can transfer plain text, XML or binary data (ActionScript 3.0 and later). To prevent security issues, web servers that permit Flash content to communicate with them using sockets must host an XML-based cross domain policy file, served on Port 843. Sockets enable AS3 programs to interface with any kind of server software, such as MySQL.
Until version 10 of the Flash player, there was no support for GPU acceleration. Version 10 added a limited form of support for shaders on materials in the form of the Pixel Bender API, but still did not have GPU-accelerated 3D vertex processing. A significant change came in version 11, which added a new low-level API called Stage3D (initially codenamed Molehill), which provides full GPU acceleration, similar to WebGL. (The partial support for GPU acceleration in Pixel Bender was completely removed in Flash 11.8, resulting in the disruption of some projects like MIT's Scratch, which lacked the manpower to recode their applications quickly enough.)
Current versions of Flash Player are optimized to use hardware acceleration for video playback and 3D graphics rendering on many devices, including desktop computers. Performance is similar to HTML5 video playback. Also, Flash Player has been used on multiple mobile devices as a primary user interface renderer.
Although code written in ActionScript 3 executes up to 10 times faster than the prior ActionScript 2, the Adobe ActionScript 3 compiler is a non-optimizing compiler, and produces inefficient bytecode in the resulting SWF, when compared to toolkits such as CrossBridge.
CrossBridge, a toolkit that targets C++ code to run within the Flash Player, uses the LLVM compiler to produce bytecode that runs up to 10 times faster than code the ActionScript 3 compiler produces, only because the LLVM compiler uses more aggressive optimization.
Adobe has released ActionScript Compiler 2 (ASC2) in Flex 4.7 and onwards, which improves compilation times and optimizes the generated bytecode and supports method inlining, improving its performance at runtime.
As of 2012, the Haxe multiplatform language can build programs for Flash Player that perform faster than the same application built with the Adobe Flex SDK compiler.[unreliable source?]
Flash Player applications and games can be built in two significantly different methods:
"Flex" applications: The Adobe Flex Framework is an integrated collection of stylable Graphical User Interface, data manipulation and networking components, and applications built upon it are termed "Flex" applications. Startup time is reduced since the Flex framework must be downloaded before the application begins, and weighs in at approximately 500 KB. Editors include Adobe Flash Builder and FlashDevelop.
"Pure ActionScript" applications: Applications built without the Flex framework allow greater flexibility and performance. Video games built for Flash Player are typically pure-Actionscript projects. Various open-source component frameworks are available for pure ActionScript projects, such as MadComponents, that provide UI Components at significantly smaller SWF file sizes.
In both methods, developers can access the full Flash Player set of functions, including text, vector graphics, bitmap graphics, video, audio, camera, microphone, and others. AIR also includes added features such as file system integration, native extensions, native desktop integration, and hardware integration with connected devices.
Adobe provides five ways of developing applications for Flash Player:
Adobe also developed the CrossBridge toolkit which cross-compilesC/C++ code to run within the Flash Player, using LLVM and GCC as compiler backends, and high-performance memory-accessopcodes in the Flash Player (termed "Domain Memory") to work with in-memory data quickly. CrossBridge is targeted toward the game development industry, and includes tools for building, testing, and debugging C/C++ projects in Flash Player.
The "Internet Explorer - ActiveX" version is an ActiveX control for use in Internet Explorer, its shells, and other Windows applications that support ActiveX technology. This plugin cannot be installed on Windows 8 and later, because these OSes come with their own integrated Flash Player ActiveX.
The "Firefox - NPAPI" version is available for Firefox as well as other applications that support NPAPI technology.
The "Opera and Chromium - PPAPI" version is available for Chromium and browsers based on Chromium (such as Opera) as well as other applications that support PPAPI technology. This plugin cannot be installed on Google Chrome as it comes with its own built-in Flash component.
The "projector" version is a standalone player that can open SWF files directly.
On February 22, 2012, Adobe announced that it would no longer release new versions of NPAPI Flash plugins for Linux, although Flash Player 11.2 would continue to receive security updates. In August 2016 Adobe announced that, beginning with version 24, it will resume offering of Flash Player for Linux for other browsers.
The Extended Support Release (ESR) of Flash Player on macOS and Windows was a version of Flash Player kept up to date with security updates, but none of the new features or bug fixes available in later versions. It has been on version 11.7 as of July 9, 2013, version 13 as of May 13, 2014, and version 18 as of August 11, 2015. Adobe has decided to discontinue the ESR branch and instead focus solely on the standard release as of August 2016.
Old version, no longer supported: 126.96.36.199
In 2011, Flash Player had emerged as the de facto standard for online video publishing on the desktop, with adaptive bitrate video streaming, DRM, and fullscreen support. On mobile devices however, after Apple refused to allow the Flash Player within the inbuilt iOS web browser, Adobe changed strategy, enabling Flash content to be delivered as native mobile applications using the Adobe Integrated Runtime.
Up until 2012, Flash Player 11 was available for the Android (ARM Cortex-A8 and above), although in June 2012, Google announced that Android 4.1 (codenamed Jelly Bean) would not support Flash by default. Starting in August 2012, Adobe no longer updates Flash for Android. In spite of this, Adobe Flash is still available to install on Android devices via Adobe's update archives (up to Android 4.3).
Adobe said it will optimize Flash for use on ARM architecture (ARMv7 and ARMv6 architectures used in the Cortex-A series of processors and in the ARM11 family) and release it in the second half of 2009. The company also stated it wants to enable Flash on NVIDIA Tegra, Texas Instruments OMAP 3 and Samsung ARMs. Beginning 2009, it was announced that Adobe would be bringing Flash to TV sets via Intel Media Processor CE 3100 before mid-2009.ARM Holdings later said it welcomes the move of Flash, because "it will transform mobile applications and it removes the claim that the desktop controls the Internet." However, as of May 2009, the expected ARM/Linux netbook devices had poor support for Web video and fragmented software base.
Adobe has taken steps to reduce or eliminate Flash licensing costs. For instance, the SWF file format documentation is provided free of charge after they relaxed the requirement of accepting a non-disclosure agreement to view it in 2008. Adobe also created the Open Screen Project which removes licensing fees and opens data protocols for Flash.
Adobe has also open-sourced many components relating to Flash.
In 2011, the Adobe Flex Framework was donated as open-source to the Apache Software Foundation and rebranded as Apache Flex. Some saw this move as Adobe abandoning Flex, and stepping away from the Flash Platform as a whole. Sources from Apache say that "Enterprise application development is no longer a focus at Adobe. At least as Flash is concerned, Adobe is concentrating on games and video.", and they conclude that "Flex Innovation is Exploding!". The donated source code included a partly developed AS3 compiler (dubbed "Falcon") and the BlazeDS set of technologies.
In 2013, the CrossBridge C++ cross-compilation toolset was open sourced by Adobe and released on GitHub. The project was formerly termed "Alchemy" and "Flash Runtime C++ Compiler", and targeted the game development market to enable C++ video games to run in Adobe Flash Player.
However, Adobe has not been willing to make complete source code of the Flash Player available for free software development. Free and open source alternatives to the Adobe Flash Player such as Shumway and Gnash have been built, but are no longer under active development and therefore not a viable alternative. The only fully functional third-party Flash Player is the commercially available Scaleform GFx Player, which is game development middleware designed for integration into non-Flash video games.
In some browsers, prior Flash versions have had to be uninstalled before an updated version could be installed. However, as of version 11.2 for Windows, there are now automatic updater options. Linux is partially supported, as Adobe is cooperating with Google to implement it via Chrome web browser on all Linux platforms.
Mixing Flash applications with HTML leads to inconsistent behavior with respect to input handling (keyboard and mouse not working as they would in an HTML-only document). This is often done in web sites and can lead to poor user experience with the site.
The February 20, 2014 update to 188.8.131.52 introduced a reported bug, producing green video with sound only. This defect is related to hardware acceleration and may be overcome by disabling hardware acceleration via the Adobe settings in Firefox (accessed by right clicking within the video) or in Internet Explorer (within the Tools settings). This defect may be related to widely used graphics hardware, AMD Radeon HD video cards, and similar visual defects have occurred in earlier Flash updates, with the same workaround.
Flash Player supports persistent local storage of data (also referred to as Local Shared Objects), which can be used similarly to HTTP cookies or Web Storage in web applications. Local storage in Flash Player allows websites to store non-executable data on a user's computer, such as authentication information, game high scores or saved games, server-based session identifiers, site preferences, saved work, or temporary files. Flash Player will only allow content originating from exactly the same website domain to access data saved in local storage.
Because local storage can be used to save information on a computer that is later retrieved by the same site, a site can use it to gather user statistics, similar to how HTTP cookies and Web Storage can be used. With such technologies, the possibility of building a profile based on user statistics is considered by some a potential privacy concern. Users can disable or restrict use of local storage in Flash Player through a "Settings Manager" page. These settings can be accessed from the Adobe website or by right-clicking on Flash-based content and selecting "Global Settings".
Local storage can be disabled entirely or on a site-by-site basis. Disabling local storage will block any content from saving local user information using Flash Player, but this may disable or reduce the functionality of some websites, such as saved preferences or high scores and saved progress in games.
Flash Player 10.1 and upward honor the privacy mode settings in the latest versions of the Chrome, Firefox, Internet Explorer, and Safari web browsers, such that no local storage data is saved when the browser's privacy mode is in use.
Adobe security bulletins and advisories announce security updates, but Adobe Flash Player release notes do not disclose the security issues addressed when a release closes security holes, making it difficult to evaluate the urgency of a particular update. A version test page allows the user to check if the latest version is installed, and uninstallers may be used to ensure that old-version plugins have been uninstalled from all installed browsers.
In February 2010, Adobe officially apologized for not fixing a known vulnerability for over a year. In June 2010 Adobe announced a "critical vulnerability" in recent versions, saying there are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. Later, in October 2010, Adobe announced another critical vulnerability, this time also affecting Android-based mobile devices. Android users have been recommended to disable Flash or make it only on demand. Subsequent security vulnerabilities also exposed Android users, such as the two critical vulnerabilities published in February 2013 or the four critical vulnerabilities published in March 2013, all of which could lead to arbitrary code execution.
Symantec's Internet Security Threat Report states that a remote code execution in Adobe Reader and Flash Player was the second most attacked vulnerability in 2009. The same report also recommended using browser extensions to disable Flash Player usage on untrusted websites. McAfee predicted that Adobe software, especially Reader and Flash, would be primary target for attacks in 2010. Adobe applications had become, at least at some point, the most popular client-software targets for attackers during the last quarter of 2009. The Kaspersky Security Network published statistics for the third quarter of 2012 showing that 47.5% of its users were affected by one or more critical vulnerabilities. The report also highlighted that "Flash Player vulnerabilities enable cybercriminals to bypass security systems integrated into the application."
Steve Jobs criticized the security of Flash Player, noting that "Symantec recently highlighted Flash for having one of the worst security records in 2009". Adobe responded by pointing out that "the Symantec Global Internet Threat Report for 2009, found that Flash Player had the second lowest number of vulnerabilities of all Internet technologies listed (which included both web plug-ins and browsers)."
April 7, 2016, Adobe released a Flash Player patch for a zero-day memory corruption vulnerability CVE-2016-1019 that could be used to deliver malware via the Magnitude exploit kit. The vulnerability could be exploited for remote code execution.
Flash Player 11.2 does not play certain kinds of content unless it has been digitally signed by Adobe, following a license obtained by the publisher directly from Adobe.
This move by Adobe, together with the abandonment of Flex to Apache was criticized as a way to lock out independent tool developers, in favor of Adobe's commercial tools.
This has been resolved as of January 2013, after Adobe no longer requires a license or royalty from the developer. All premium features are now classified as general availability, and can be freely used by Flash applications.
In April 2010, Steve Jobs, at the time CEO of Apple Inc. published an open letter explaining why Apple would not support Flash on the iPhone, iPod touch and iPad. In the letter he blamed problems with the "openness", stability, security, performance, and touchscreen integration of the Flash Player as reasons for refusing to support it. He also claimed that when one of Apple's Macintosh computers crashes, "more often than not" the cause can be attributed to Flash, and described Flash as "buggy". Adobe's CEO Shantanu Narayen responded by saying, "If Flash [is] the number one reason that Macs crash, which I'm not aware of, it has as much to do with the Apple operating system."
Steve Jobs also claimed that a large percentage of the video on the Internet is supported on iOS, since many popular video sharing websites such as YouTube have published video content in an HTML5 compatible format, enabling videos to playback in mobile web browsers even without Flash Player.
China specific version and related privacy issues
Starting with version 30, Adobe stopped distributing Flash Player directly to Chinese users. Instead, they selected 2144.cn as a partner and released a special version of Flash Player on a specific website, which contains code to collect user activity and pops up advertisement window contents. The partnership started in about 2017, but in version 30, Adobe disabled the usage of vanilla (global) version of Flash Player in China, forcing users to use that specific version, which is obviously dangerous to its users due to China's Internet censorship. This affects Google Chrome and Firefox users, as well as Internet Explorer users using Windows 7, as Microsoft still directly distributes Flash Player for Internet Explorer and Microsoft Edge through Windows Update in Windows 8 and upward.
Adobe Flash Player version history
Macromedia Flash Player 2 (June 17, 1997)
Mostly vectors and motion, some bitmaps, limited audio
Support of stereo sound, enhanced bitmap integration, buttons, the Library, and the ability to tween color changes
Brought improvements to animation, playback, and publishing, as well as the introduction of simple script commands for interactivity
Macromedia Flash Player 4 (June 15, 1999)
Saw the introduction of streaming MP3s and the Motion Tween. Initially, the Flash Player plug-in was not bundled with popular web browsers and users had to visit Macromedia website to download it; As of 2000, however, the Flash Player was already being distributed with all AOL, Netscape and Internet Explorer browsers. Two years later it shipped with all releases of Windows XP. The install-base of the Flash Player reached 92 percent of all Internet users.
Macromedia Flash Player 5 (August 24, 2000)
A major advance in ability, with the evolution of Flash's scripting abilities as released as ActionScript
Saw the ability to customize the authoring environment's interface
Macromedia Generator was the first initiative from Macromedia to separate design from content in Flash files. Generator 2.0 was released in April 2001, and featured real-time server-side generation of Flash content in its Enterprise Edition. Generator was discontinued in 2002, in favor of new technologies such as Flash Remoting, which allows for seamless transmission of data between the server and the client, and ColdFusion Server.
In October 2000, usability guru Jakob Nielsen wrote a polemic article regarding usability of Flash content entitled "Flash: 99% Bad". (Macromedia later hired Nielsen to help them improve Flash usability.)
Supports progressive audio and video streaming (HTTP)
Supports ActionScript 2.0, an object-oriented programming language for developers
Ability to create charts, graphs and additional text effects with the new support for extensions (sold separately), high fidelity import of PDF and Adobe Illustrator 10 files, mobile and device development and a forms-based development environment. ActionScript 2.0 was also introduced, giving developers a formal object-oriented approach to ActionScript. V2 Components replaced Flash MX's components, being rewritten from the ground up to take advantage of ActionScript 2.0 and object-oriented principles.
In 2004, the "Flash Platform" was introduced. This expanded Flash to more than the Flash authoring tool. Flex 1.0 and Breeze 1.0 were released, both of which used the Flash Player as a delivery method but relied on tools other than the Flash authoring program to create Flash applications and presentations. Flash Lite 1.1 was also released, enabling mobile phones to play Flash content.
Last version for Windows 95/NT4 and Mac Classic
^"Adobe Open Screen Project". Starting today, there will be no restrictions on the use of the SWF specification or the FLV and F4V specifications that make up video in Flash. Formerly, to look at the SWF specification users had to sign a licensing agreement not to use it to create competing players
^Symantec Global Internet Threat Report for 2009, page 40, "In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9). ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe Reader had 49 vulnerabilities, QuickTime had 27 vulnerabilities, and Adobe Flash Player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox."
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.
Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.