Network Security, Vulnerability Management

A Eulogy for Flash, dead at last, dead at last

Adobe Flash may have lived long enough to see itself become the villain, as few are viewing it a hero in its passing despite its many achievements.

Adobe is scheduling to end Flash at the end of 2020 after a two decade run that brought us the ability to play online games, stream radio music and YouTube videos, and a host of vulnerabilities and patches. The company said most browser vendors are integrating capabilities once provided by plugins directly into browsers which has depreciated plugins and ultimately to the decision to end Flash, according to a July 25 press release.

The efforts will be carried out with the support of Apple, Facebook, Google, Microsoft and Mozilla, Adobe will stop updating and distributing the Flash Player at the end of 2020, the company said. Content creators are encouraged to migrate any existing Flash content to any of the new open formats in the meantime.

Despite its legacy Flash will continue to hold a special place in the hearts of security professionals.

“It has achieved legendary status within the security community for the number and severity of its vulnerabilities,” MobileIron Lead Solutions Architect James Plouffe told SC Media. “According to cvedetails.com, the weighted average Common Vulnerability Scoring System score of Flash vulnerabilities is 9.5 out of 10, with a shocking 84 percent of vulnerabilities falling in the 9 – 10 range.”

Plouffe added that no one was able to summon the wherewithal to improve its worst aspects, even when other technology vendors started taking matters into their own hands by disabling Flash by default or dropping support outright. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.