Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed

Search

UK NCSC Warns Users About Upcoming Adobe Flash End of Life

In what might seem to be an odd warning, the UK’s National Cyber Security Centre released a statement urging people to not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020. The NCSC fears that some system administrators may disable browser updates as a way to keep using Adobe Flash, with a complete disregard for the safety of their environment. Instead of keeping Adobe Flash past the December 31st,  2020 end-of-life, NCSC recommends that users work with vendors to remove Flash altogether. Flash has been used by threat actors to deliver malware almost as long as Flash has existed as a browser plug-in. In general, any browser plug-in that allows remote websites to execute code on the computers of website visitors automatically is potential risk that attackers will seek to exploit.

Analyst Notes

As Adobe announced the end-of-life date for Flash three years ago, there’s been plenty of time to prepare. Due to the flaws/exploits currently available in Flash, Binary Defense recommends disabling it altogether.
https://www.zdnet.com/article/uk-ncsc-dont-disable-updates-so-you-can-continue-using-adobe-flash-past-its-eol/