Threat Watch

UK NCSC Warns Users About Upcoming Adobe Flash End of Life

In what might seem to be an odd warning, the UK’s National Cyber Security Centre released a statement urging people to not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020. The NCSC fears that some system administrators may disable browser updates as a way to keep using Adobe Flash, with a complete disregard for the safety of their environment. Instead of keeping Adobe Flash past the December 31st,  2020 end-of-life, NCSC recommends that users work with vendors to remove Flash altogether. Flash has been used by threat actors to deliver malware almost as long as Flash has existed as a browser plug-in. In general, any browser plug-in that allows remote websites to execute code on the computers of website visitors automatically is potential risk that attackers will seek to exploit.

ANALYST NOTES

As Adobe announced the end-of-life date for Flash three years ago, there’s been plenty of time to prepare. Due to the flaws/exploits currently available in Flash, Binary Defense recommends disabling it altogether.
https://www.zdnet.com/article/uk-ncsc-dont-disable-updates-so-you-can-continue-using-adobe-flash-past-its-eol/