In what might seem to be an odd warning, the UK’s National Cyber Security Centre released a statement urging people to not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020. The NCSC fears that some system administrators may disable browser updates as a way to keep using Adobe Flash, with a complete disregard for the safety of their environment. Instead of keeping Adobe Flash past the December 31st, 2020 end-of-life, NCSC recommends that users work with vendors to remove Flash altogether. Flash has been used by threat actors to deliver malware almost as long as Flash has existed as a browser plug-in. In general, any browser plug-in that allows remote websites to execute code on the computers of website visitors automatically is potential risk that attackers will seek to exploit.
As Adobe announced the end-of-life date for Flash three years ago, there’s been plenty of time to prepare. Due to the flaws/exploits currently available in Flash, Binary Defense recommends disabling it altogether.