The Adobe Flash Player will reach its end-of-life on January 1st, 2021 after 18 years of being a security risk. Over its life, attackers have abused its vulnerabilities to create multiple zero-day and critical exploits that were used by cybercriminals and nation-state actors alike. These groups were able to install malware, remotely execute malicious code, and even take over users’ computers when the victim simply visited a malicious web page using a web browser with the ubiquitous Flash player installed. The decision to stop Flash was taken due to the decreasing numbers of people using Flash and moving to more secure and better performing technologies such as HTML5, WebGL, and WebAssembly that are available in modern web browsers. Tomorrow Adobe will stop distributing or updating Flash Player and most web browsers will stop supporting the program. Flash Player’s end-of-life is good news because it will reduce the attack surface that cybercriminals can use to access users’ web browsers and operating systems, as long as IT administrators completely remove the software from systems.
Analyst Notes
Users are highly recommended to completely remove Adobe Flash Player from their systems to help secure their systems since Adobe does not intend to issue updates or security patches after 01/01/2021. To completely remove Flash Player, users should use the embedded uninstall program included in Flash Player, or manually by following the instructions which can be found on Adobe’s web site. Enterprise users who are required to use Flash Player due to legacy system requirements can reach out to the company’s official licensing partner, HARMEN, according to the Adobe announcement.
Source Article: https://www.bleepingcomputer.com/news/security/adobe-flash-player-is-officially-dead-tomorrow/
Adobe End of Life Announcement: https://blog.adobe.com/en/fpost/2020/update-for-enterprise-adobe-flash-player.html#gs.pdwpsh
