Adobe Flash Player is a runtime that executes and displays content from a provided SWF file, although it has no in-built features to modify the SWF file at runtime. It can execute software written in the ActionScript programming language which enables the runtime manipulation of text, data, vector graphics, raster graphics, sound and video. The player can also access certain connected hardware devices, including web cameras and microphones, after permission for the same has been granted by the user.
Flash Player is used internally by the Adobe Integrated Runtime (Adobe AIR), in order to provide a cross-platform runtime environment for desktop applications and mobile applications. Adobe AIR supports installable applications on Windows, Linux, OS X, and some mobile operating systems such as iOS and Android. Flash applications must specifically be built for the Adobe AIR runtime in order to utilize additional features provided, such as file system integration, native client extensions, native window/screen integration, taskbar/dock integration, and hardware integration with connected Accelerometer and GPS devices.
Flash Player includes native support for many different data formats, some of which can only be accessed through the ActionScript scripting interface.
XML: Flash Player has included native support for XML parsing and generation since version 8. XML data is held in memory as an XML Document Object Model, and can be manipulated using ActionScript. ActionScript 3 also supports ECMAScript for XML (E4X), which allows XML data to be manipulated more easily.
AMF: Flash Player allows cookies to be stored on users computers, in the form of Local Shared Objects, the Flash equivalent to browser cookies. Flash Player can also natively read and write files in the Action Message Format, the default data format for Local Shared Objects. Since the AMF format specification is published, data can be transferred to and from Flash applications using AMF datasets instead of JSON or XML, reducing the need for parsing and validating such data.
SWF: The specification for the SWF file format was published by Adobe, enabling the development of the SWX Format project, which utilized the SWF file format and AMF as a means for Flash applications to exchange data with server side applications. The SWX system stores data as standard SWF bytecode which is automatically interpreted by Flash Player. Another open-source project, SWXml allows Flash applications to load XML files as native ActionScript objects without any client-side XML parsing, by converting XML files to SWF/AMF on the server.
Flash Player is primarily a graphics and multimedia platform, and has supported raster graphics and vector graphics since its earliest version. It supports the following different multimedia formats which it can natively decode and playback.
MP3: Support for decoding and playback of streamingMPEG-2 Audio Layer III (MP3) audio was introduced in Flash Player 4. MP3 files can be accessed and played back from a server via HTTP, or embedded inside an SWF file, which is also a streaming format.
PNG: Support for decoding and rendering Portable Network Graphics (PNG) images, in both its 24-bit (opaque) and 32-bit (semi-transparent) variants. Flash Player 11 can also encode a PNG bitmap via ActionScript.
JPEG: Support for decoding and rendering compressed JPEG images. Flash Player 10 added support for the JPEG-XR advanced image compression standard developed by Microsoft Corporation, which results in better compression and quality than JPEG. JPEG-XR enables lossy and lossless compression with or without alpha channel transparency. Flash Player 11 can also encode a JPEG or JPEG-XR bitmap via ActionScript.
GIF: Support for decoding and rendering compressed Graphics Interchange Format (GIF) images, in its single-frame variants only. Loading a multi-frame GIF will display only the first image frame.
TCP: Support for TCPsocket communication to communicate with any type of server, using stream sockets. Sockets can only be utilized using ActionScript, and can transfer plain text, XML or binary data (ActionScript 3.0 and later). In order to prevent security issues, web servers that permit Flash content to communicate with them using sockets must host an XML-based cross domain policy file, served on Port 843. Sockets enable AS3 programs to interface with any kind of server software, such as MySQL.
Until version 10 of the Flash player, there was no support for GPU acceleration. Version 10 added a limited form of support for shaders on materials in the form of the Pixel Bender API, but still did not have GPU-accelerated 3D vertex processing. A significant change came in version 11, which added a new low-level API called Stage3D (initially codenamed Molehill), which provides full GPU acceleration, similar to WebGL. (The partial support for GPU acceleration in Pixel Bender was completely removed in Flash 11.8, resulting in the disruption of some projects like MIT's Scratch, which lacked the manpower to recode their applications quickly enough.)
Current versions of Flash Player are optimized to use hardware acceleration for video playback and 3D graphics rendering on many devices, including desktop computers. Performance is similar to HTML5 video playback. Also, Flash Player has been used on multiple mobile devices as a primary user interface renderer.
Although code written in ActionScript 3 executes up to 10 times faster than the previous ActionScript 2, the Adobe ActionScript 3 compiler is a non-optimizing compiler, and produces inefficient bytecode in the resulting SWF, when compared to toolkits such as CrossBridge.
CrossBridge, a toolkit that targets C++ code to run within the Flash Player, uses the LLVM compiler to produce bytecode that runs up to 10 times faster than code the ActionScript 3 compiler produces, only because the LLVM compiler uses more aggressive optimization.
Adobe has released ActionScript Compiler 2 (ASC2) in Flex 4.7 and onwards, which improves compilation times and optimizes the generated bytecode and supports method inlining, improving its performance at runtime.
As of 2012, the Haxe multiplatform language can build programs for Flash Player that perform faster than the same application built with the Adobe Flex SDK compiler.[unreliable source?]
Adobe has provided a free SDK in order to build Flash applications, now known as the Apache Flex SDK. The Flex SDK allows developers to use any text editor such as Notepad++ or FlashDevelop (an IDE) to edit ActionScript source code (.as files), and then build a corresponding Flash application application (.swf) or AIR application application and installer (.air file) from the same.
Adobe AIR applications can be built either with the Apache Flex Framework, or without. The framework is an integrated collection of stylable Graphical User Interface, data manipulation and networking components, and applications built upon it are known as "Flex" applications. Applications built without the framework depend entirely on the developer's own skills and artistic abilities, and are commonly known as "pure ActionScript" projects.
In both methods, developers can access the full Flash Player set of functionalities, including text, vector graphics, bitmap graphics, video, audio, camera and microphone support, among others. Adobe AIR also includes additional features such as file system integration, native extensions, native desktop integration, and hardware integration with connected devices.
Adobe provides three ways of developing applications:
There also commercial and non-commercial game engines that can use the Flash Player (Stage3D) as run-time environment. Among them are Unity 3D and Unreal Engine 3. Before the introduction of Stage3D, a number of older 2D engines or isometric engines like Flixel saw their heyday.
Of the actual games developed in Flash, too numerous to attempt to list here, AdventureQuest deserves a special mention as while having started in 2002 it was still being updated and played in 2011.
The documentation for the SWF file format is provided by Adobe free of cost on their website after they relaxed the requirement of accepting a non-disclosure agreement to view the same in 2008.
Adobe has not been willing to make complete source code of the Flash Player available for free software development. Free and open source alternatives to the Adobe Flash Player such as Gnash have been built, but are still incomplete and therefore not a viable alternative. The Lightspark Player is another such project, and has made more progress.
The latest version of Flash Player, is available for many major desktop platforms including Windows (XP and newer) and OS X (10.6 and later). The latest version is also available on Linux but only on Google Chrome as Adobe no longer releases updates for the non-PPAPI plugin on Linux.
Adobe released an alpha version of Flash Player 10 for x86-64 Linux on November 17, 2008. Adobe released a beta version of Flash Player 11 on July 13, 2011, which has 64-bit editions for all supported platforms. Flash Player 11 was released to web on October 3, 2011.
Adobe Flash Player 11 is available in three flavors: "ActiveX", "Plug-in" and "Projector". The "ActiveX" version is an ActiveX control for use in Internet Explorer and any other Windows applications that supports ActiveX technology. The "plug-in" version is available for Netscape-compatible browsers on Microsoft Windows, Macintosh and Linux. The "projector" version is a standalone player that can open SWF files directly.
In February 2012, Adobe announced it would discontinue development of Flash Player on Linux for all browsers except Google Chrome. As of 9 July 2013[update] version 11.7 is the extended support release. As of March 2014[update] version 14 is the Adobe Labs preview release.
In 2011, Flash Player had emerged as the de facto standard for online video publishing on the desktop, with adaptive bitrate video streaming, DRM, and fullscreen support. On mobile devices however, after Apple refused to allow the Flash Player within the inbuilt iOS web browser, Adobe changed strategy enabling Flash content to be delivered as native mobile applications using the Adobe Integrated Runtime.
Up until 2012, Flash Player 11 was available for the Android (ARM Cortex-A8 and above), although in June 2012, Google announced that Android 4.1 (codenamed Jelly Bean) will not support Flash by default. Starting in August 2012, Adobe no longer updates flash for Android. In spite of this, Adobe Flash is still available to install on Android devices via Adobe's update archives.
Adobe said it will optimize Flash for use on ARM architecture (ARMv6 and ARMv7 architectures used in the ARM11 family and the Cortex-A series of processors) and release it in the second half of 2009. The company also stated it wants to enable Flash on NVIDIA Tegra, Texas Instruments OMAP 3 and Samsung ARMs. Beginning 2009, it was announced that Adobe would be bringing Flash to TV sets via Intel Media Processor CE 3100 before mid-2009. Later on, ARM Holdings said it welcomes the move of Flash, because "it will transform mobile applications and it removes the claim that the desktop controls the Internet." However, as of May 2009, the expected ARM/Linux netbook devices had poor support for Web video and fragmented software base.
In some browsers, previous Flash versions have had to be uninstalled before an updated version could be installed. However, as of version 11.2 for Windows, there are now automatic updater options. Linux is partially supported, as Adobe is cooperating with Google to implement it via Chrome web browser on all Linux platforms.
Mixing flash applications with HTML leads to inconsistent behavior with respect to input handling (keyboard and mouse not working as they would in an HTML-only document). This is often done in web sites  and can lead to poor user experience with the site.
The 2014-02-20 update to 188.8.131.52 introduced a reported bug, producing green video with sound only. This defect is related to hardware acceleration and may be overcome by disabling hardware acceleration via the Adobe settings in Firefox (accessed by right clicking within the video) or in Internet Explorer (within the Tools settings). This defect may be related to widely-used graphics hardware, AMD Radeon HD video cards, and similar visual defects have occurred in earlier Flash updates, with the same workaround.
Flash Player supports persistent local storage of data (also referred to as Local Shared Objects), which can be used similarly to HTTP cookies or Web Storage in web applications. Local storage in Flash Player allows websites to store non-executable data on a user's computer, such as authentication information, game high scores or saved games, server-based session identifiers, site preferences, saved work, or temporary files. Flash Player will only allow content originating from exactly the same website domain to access data saved in local storage.
Because local storage can be used to save information on a computer that is later retrieved by the same site, a site can use it to gather user statistics, similar to how HTTP cookies and Web Storage can be used. With such technologies, the possibility of building a profile based on user statistics is considered by some a potential privacy concern. Users can disable or restrict use of local storage in Flash Player through a "Settings Manager" page. These settings can be accessed from the Adobe website or by right-clicking on Flash-based content and selecting "Global Settings".
Local storage can be disabled entirely or on a site-by-site basis. Disabling local storage will block any content from saving local user information using Flash Player, but this may disable or reduce the functionality of some websites, such as saved preferences or high scores and saved progress in games.
Flash Player 10.1 and upward honor the privacy mode settings in the latest versions of the Chrome, Firefox, Internet Explorer, and Safari web browsers, such that no local storage data is saved when the browser's privacy mode is in use.
Adobe security bulletins and advisories announce security updates, but Adobe Flash Player release notes do not disclose the security issues addressed when a release closes security holes, making it difficult to evaluate the urgency of a particular update. A version test page allows the user to check if the latest version is installed, and uninstallers may be used to ensure that old-version plugins have been uninstalled from all installed browsers.
In February 2010, Adobe officially apologized for not fixing a known vulnerability for over 1 year. In June 2010 Adobe announced a "critical vulnerability" in recent versions, saying there are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. Later, in October 2010, Adobe announced another critical vulnerability, this time also affecting Android-based mobile devices. Android users have been recommended to disable Flash or make it only on demand. Subsequent security vulnerabilities also exposed Android users, such as the two critical vulnerabilities published in February 2013 or the four critical vulnerabilities published in March 2013, all of which could lead to arbitrary code execution.
Symantec's Internet Security Threat Report states that a remote code execution in Adobe Reader and Flash Player was the second most attacked vulnerability in 2009. The same report also recommends to employ browser add-ons wherever possible to disable Adobe Flash Player when visiting untrusted sites. McAfee predicted that Adobe software, especially Reader and Flash, would be primary target for attacks in 2010. Adobe applications had become, at least at some point, the most popular client-software targets for attackers during the last quarter of 2009. The Kaspersky Security Network published statistics for the third quarter of 2012 showing that 47.5% of its users were affected by one or more critical vulnerabilities. The report also highlighted that "Flash Player vulnerabilities enable cybercriminals to bypass security systems integrated into the application."
Steve Jobs criticized the security of Flash Player, noting that "Symantec recently highlighted Flash for having one of the worst security records in 2009". Adobe responded by pointing out that "the Symantec Global Internet Threat Report for 2009 found that Flash Player had the second lowest number of vulnerabilities of all Internet technologies listed (which included both web plug-ins and browsers)."
Flash Player 11.2 does not play certain kinds of content unless it has been digitally signed by Adobe, following a license obtained by the publisher directly from Adobe.
This move by Adobe, together with the abandonment of Flex to Apache was criticized as a way lock out independent tool developers, in favor of Adobe's commercial tools.
This has been resolved as of January 2013, after Adobe no longer requires a license or royalty from the developer. All premium features are now classified as general availability, and can be freely used by Flash applications.
In April 2010, Steve Jobs, at the time CEO of Apple Inc. published an open letter explaining why Apple wouldn't support Flash on the iPhone, iPod touch and iPad. In the letter he blamed the "openness", the stability, the security and the performance of the Flash Player as reasons for refusing to support it. He explained why Flash is not suitable for touchscreen devices. He also claimed that when one of Apple's Macintosh computers crashes, "more often than not" the cause can be attributed to Flash. Additionally, he described Flash as "buggy". Adobe's CEO Shantanu Narayen responded by saying, "If Flash [is] the number one reason that Macs crash, which I'm not aware of, it has as much to do with the Apple operating system."
Steve Jobs also claimed that a large percentage of the video on the internet is supported on iOS, since many popular video sharing websites such as YouTube have published video content in an HTML5 compatible format, enabling videos to playback in mobile web browsers even without Flash Player.
Adobe Flash Player Version History
Macromedia Flash Player 2 (1997)
Mostly vectors and motion, some bitmaps, limited audio
Support of stereo sound, enhanced bitmap integration, buttons, the Library, and the capability to tween color changes.
Brought improvements to animation, playback, and publishing, as well as the introduction of simple script commands for interactivity.
Macromedia Flash Player 4 (May 1999)
Saw the introduction of streaming MP3s and the Motion Tween. Initially, the Flash Player plug-in was not bundled with popular web browsers and users had to visit Macromedia website to download it; As of 2000, however, the Flash Player was already being distributed with all AOL, Netscape and Internet Explorer browsers. Two years later it shipped with all releases of Windows XP. The install-base of the Flash Player reached 92 percent of all Internet users.
Macromedia Flash Player 5 (August 2000)
A major leap forward in capability, with the evolution of Flash's scripting capabilities as released as ActionScript.
Saw the ability to customize the authoring environment's interface.
Macromedia Generator was the first initiative from Macromedia to separate design from content in Flash files. Generator 2.0 was released in April 2001 and featured real-time server-side generation of Flash content in its Enterprise Edition. Generator was discontinued in 2002 in favor of new technologies such as Flash Remoting, which allows for seamless transmission of data between the server and the client, and ColdFusion Server.
In October 2000, usability guru Jakob Nielsen wrote a polemic article regarding usability of Flash content entitled "Flash: 99% Bad". (Macromedia later hired Nielsen to help them improve Flash usability.)
The old Macromedia Flash Player logo
Macromedia Flash Player 6 (version 184.108.40.206, codenamed Exorcist) (March 2002)
Support for the consuming Flash Remoting (AMF) and Web Service (SOAP)
Supports ondemand/live audio and video streaming (RTMP)
Support for screenreaders via Microsoft Active Accessibility
Support for video, application components, shared libraries, and accessibility.
Macromedia Flash Communication Server MX, also released in 2002, allowed video to be streamed to Flash Player 6 (otherwise the video could be embedded into the Flash movie).
Macromedia Flash Player 7 (version 220.127.116.11, codenamed Mojo) (September 2003)
Supports progressive audio and video streaming (HTTP)
Supports ActionScript 2.0, an object-oriented programming language for developers
Ability to create charts, graphs and additional text effects with the new support for extensions (sold separately), high fidelity import of PDF and Adobe Illustrator 10 files, mobile and device development and a forms-based development environment. ActionScript 2.0 was also introduced, giving developers a formal object-oriented approach to ActionScript. V2 Components replaced Flash MX's components, being rewritten from the ground up to take advantage of ActionScript 2.0 and object-oriented principles.
In 2004, the "Flash Platform" was introduced. This expanded Flash to more than the Flash authoring tool. Flex 1.0 and Breeze 1.0 were released, both of which utilized the Flash Player as a delivery method but relied on tools other than the Flash authoring program to create Flash applications and presentations. Flash Lite 1.1 was also released, enabling mobile phones to play Flash content.
Last version for Windows 95/NT4 and Mac Classic
Macromedia Flash Player 8 (version 18.104.22.168, codenamed Maelstrom) (August 2005)
^ ab"Archived Flash Player versions". Adobe.com. Adobe Systems Incorporated. Retrieved 19 June 2014. "On September 10 2013, Adobe released Flash Player 22.214.171.124 for Android 2.x and 3.x and 126.96.36.199 for Android 4.0.x"
^"Adobe Open Screen Project". "Starting today, there will be no restrictions on the use of the SWF specification or the FLV and F4V specifications that make up video in Flash. Previously, in order to look at the SWF specification you had to sign a licensing agreement not to use it to create competing players"
^Symantec Global Internet Threat Report for 2009, page 40, "In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9). ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe Reader had 49 vulnerabilities, QuickTime had 27 vulnerabilities, and Adobe Flash Player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox."