2021-01-27

It’s not as if we weren’t warned. We’ve had three years’ notice that Adobe would discontinue Flash Player and stop supporting Flash content at the end of 2020. Yet it seems that some organisations — notably the South African tax authority — are still in the process of shifting content from Adobe Flash to an open-source standard such as HTML5. Meanwhile, all major web browsers permanently removed support for Flash in January 2021.

As an Acronis cyberthreat update from early January pointed out, Adobe Flash Player reaching its end-of-life could leave users with a potential security risk. Flash Player needs to be manually uninstalled from laptops and computers — including that forgotten machine down in the basement, or the old laptop retrieved from the back of the cupboard for your kids to do their online learning on. No further updates or patches are going to be released by Adobe and this makes legacy instances of Flash Player a gift to cyber criminals. A common tactic of cyber criminals is to target old, unsupported, yet still active software that hasn’t been updated in line with the current threat landscape.

Ways the now unsupported Adobe Flash Player can be a security risk:

  1. Criminals send fake updates to users, who have been told again and again to install all patches and updates immediately. Believing they are doing the right thing, they download the malware onto their devices.
  2. Likewise, unauthorised versions of Flash Player on third-party sites are likely to be malicious. Adobe has removed its Flash Player download pages and doesn’t make previous versions available from its site.
  3. Googling workarounds, such as keeping an older version of Firefox and the most recent version of Flash, is also not recommended from a security point of view.

What to do:

  1. Uninstall all instances of Adobe Flash Player on all machines that have access to your corporate network.
  2. Treat any new notifications or versions of Flash Player upgrades as malicious.
  3. Migrate any applications or content using Adobe Flash as soon as possible to an open standard such as HTML5, WebGL or WebAssembly.
  4. Ensure you keep your web browsers up to date to avoid insecure or compromised Flash content.
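
One way to carry out step 1 on a machine you are auditing is to sweep the disk for leftover Flash Player files. The script below is an added example, not part of the original article or of any Acronis product. The file-name patterns are commonly seen Flash Player artefact names chosen for this example, not an exhaustive list, and a loose pattern such as `flash*.ocx` can match unrelated files, so review the hits before deleting anything.

```python
import fnmatch
import os
import sys

# Commonly seen Flash Player file names, matched case-insensitively.
# Assumption of this example: the list is illustrative, not exhaustive.
FLASH_PATTERNS = {
    "activex-control": ["flash*.ocx"],
    "npapi-plugin": ["npswf*.dll", "libflashplayer.so", "flash player.plugin"],
    "ppapi-plugin": ["pepflashplayer*.dll", "libpepflashplayer.so",
                     "pepperflashplayer.plugin"],
    "updater-or-helper": ["flashutil*.exe", "flashplayerupdateservice.exe"],
    "installer": ["install_flash_player*", "flashplayer*install*"],
}


def classify(name):
    """Return the artefact category for a file or bundle name, or None."""
    lowered = name.lower()
    for category, patterns in FLASH_PATTERNS.items():
        if any(fnmatch.fnmatchcase(lowered, p) for p in patterns):
            return category
    return None


def find_flash(roots):
    """Walk each root and return sorted (category, path) pairs."""
    findings = []
    for root in roots:
        # onerror ignores unreadable directories so one ACL does not stop the scan.
        for dirpath, dirnames, filenames in os.walk(root, onerror=lambda e: None):
            # macOS plug-ins are bundles (directories), so check dirnames too.
            for name in list(dirnames) + filenames:
                category = classify(name)
                if category:
                    findings.append((category, os.path.join(dirpath, name)))
                    if name in dirnames:
                        dirnames.remove(name)  # do not descend into a matched bundle
    return sorted(findings)


if __name__ == "__main__":
    hits = find_flash(sys.argv[1:] or [os.getcwd()])
    for category, path in hits:
        print(f"{category}\t{path}")
    sys.exit(1 if hits else 0)  # non-zero exit lets fleet tooling flag the host
```

Pass the directories to scan as arguments, for example the system drive and each user's download folder. A hit in the `installer` category on a machine that had already been cleaned is worth treating as suspicious, in line with step 2.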

Top tip: Acronis Cyber Protect makes it easy to keep the systems you look after secure by flagging outdated applications and helping you track down all instances of unwanted software, such as Adobe Flash.

Written for publication on the Synapsys website on 27 January 2021