Safari 10 in macOS Sierra will Behave as Though Flash Player isn’t Installed


Following the constant reports of Flash Player vulnerabilities, Mac users will be pleased to learn that Safari in macOS Sierra will automatically deactivate Flash, along with other legacy plug-ins.

"When Safari 10 ships this fall, by default, Safari will behave as though common legacy plug-ins on users’ Macs are not installed," Safari team said in a blog post published to the WebKit. Safari 10 will change the way the web browser handles plug-ins, including Adobe's Flash Player, Java, Silverlight, QuickTime, and others. The browser will disable them by default. But, users who want to use these plug-ins will be able to manually activate them.

The blog explained how the new Safari will improve security, performance, and battery life when evaluating and implementing web standards. Talking about deactivation of Flash, Safari team noted that the websites that offer both Flash and HTML5 implementations of content, Safari 10 will always use HTML5, delivering improved battery life. Unlike Google's Chrome browser which has exceptions to this rule, Safari will have no "built-in list of exceptions. If a website really does require a legacy plug-in, users can explicitly activate it on that website."

macOS, the new name of Apple's desktop operating system, will be released to the public this fall. Unlike last three iterations of OS X, macOS Sierra has dropped support for many older Macs, focusing on delivering improved performance to more recent devices. With macOS, Safari and other core apps, including Photos and Messages, are also receiving updates. Safari 10 is getting some drastic changes, possibly dropping support for legacy plug-ins.

The blog post published by the Safari team explained how Safari 10 will reduce a website’s dependence on legacy plug-ins:

By default, Safari no longer tells websites that common plug-ins are installed. It does this by not including information about Flash, Java, Silverlight, and QuickTime in navigator.plugins and navigator.mimeTypes. This convinces websites with both plug-in and HTML5-based media implementations to use their HTML5 implementation.

But, what happens when a website (sadly) does require Flash? These websites display a Flash isn't installed message with a link to download Flash from Adobe. At this point, Safari will present the information to a user, asking them to activate the plug-in:

Of these plug-ins, the most widely-used is Flash. Most websites that detect that Flash isn’t available, but don’t have an HTML5 fallback, display a “Flash isn’t installed” message with a link to download Flash from Adobe. If a user clicks on one of those links, Safari will inform them that the plug-in is already installed and offer to activate it just one time or every time the website is visited. The default option is to activate it only once. We have similar handling for the other common plug-ins.

With a number of critical and zero-day vulnerabilities being discovered in Flash Player, Silverlight and other legacy plug-ins, it is a wise decision to keep such plug-ins disabled. The new Safari 10 implementation also gives users more control over how they see the content, helping them secure their machines against any security flaws.

Developers can visit WebKit to learn more about these changes and recommendations.

Recommended: macOS Sierra, say hello to Siri, Auto Unlock, Universal Clipboard, Apple Pay and more!