HTML5 Ads Aren't That Safe Compared to Flash, Experts Say
so the article starts on a pretty obvious thing
A study from GeoEdge, an ad scanning vendor, reveals that Flash has been wrongly accused of being the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves.
already mentioned that in previous post, as long as you allow remote code to be executed on your local computer you will have security risks, whatever the technology
there is a very simple way to fix that: not allowing code of any kind in advertising, eg. only use static content like text, image, video
but the advertising vendors do not want that because their customers do want want interactivity
"that user gonna click more on those blinking shiny lights"
anyway, the problem with the article above is that it is written by yet another so-called journalist who have no clue about the subject ...
here some example
The evidence exists to proclaim Flash as one of today's most vulnerable and insecure software applications.
evidence ? nope no such things, it is just FUD
again, any popular tech will be targeted by hackers etc.
Security researchers have discovered vulnerabilities in Flash almost every month, and for many years, Adobe has been slow to patch them.
nope, Adobe have not been slow to patch those
Things changed recently after browser vendors threatened to have the plugin disabled for most of their users.
In fact, that's the opposite.
Browser vendors were ready to remove Flash and not think twice about it.
Except, users want to consume Flash content, so all those browser vendors decided to embed the Flash plugin by default in their browser and help Adobe provide security patches etc.
anyway, forget this lame article and go to the source PDF
Security Aspects of Flash, HTML5, and Video in the Ad Tech Industry