Researchers at Duo Security spotted a large number of enterprises exposing themselves to unnecessary risk by running outdated versions of Flash.
The study analyzed 4.6 million endpoints across multiple geographies and endpoints and found the percentage of endpoints running an out-of-date version of Flash has increased from 42% in 2016 to 53% in 2017, meaning more than half of enterprise endpoints are not protected against the latest known vulnerabilities, according to the firm's 2017 Trusted Access Report.
There are more than 1,000 public Flash vulnerabilities many of which have been reported in the last two years and 207 of them were considered high-to-critical severity and it's worth noting that six of the top 10 vulnerabilities found in exploit kits in 2016 targeted Flash.
Furthermore, the report found 21 percent of the endpoints had 11 listed critical vulnerabilities and that 19 percent of EMEA endpoints have Flash uninstalled, compared to 26 percent of endpoints in North America.
