With Flash Player’s Dec. 31, 2020 kill date quickly approaching, Adobe said that it will start prompting users to uninstall the software in the coming months.
The End of Life (EOL) timeline has been a long time coming. Adobe first announced in July 2017 that it will no longer update or distribute Flash Player as of the end of 2020. In a new post on its Adobe Flash Player EOL information page, Adobe said that after Dec. 31, it will freeze updates for Flash, remove Flash Player download links from its website, and block Flash-based content from running in Adobe Flash Player.
“Adobe will not issue Flash Player updates or security patches after the EOL Date,” according to Adobe. “We recommend that all users uninstall Flash Player before the EOL date (see manual uninstall instructions for Windows and Mac users). Users will be prompted by Adobe to uninstall Flash Player on their machines later this year and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.”
Flash is known to be a favorite target for cyberattacks, particularly for exploit kits, zero-day attacks and phishing schemes. That, and the emergence of open standards (like HTML5, WebGL, and WebAssembly) that serve as viable alternatives for Flash content has prompted Adobe to hit the kill switch on the software.
The end-of-life announcement has widespread impact on developers, enterprises, and consumers using specific OS environments or browsers, and Adobe has worked with an array of technology partners (including Apple, Facebook, Google, Microsoft and Mozilla) to prepare for EOL.
“The major browser vendors are integrating these open standards into their browsers and deprecating most other plug-ins (like Adobe Flash Player),” said Adobe. “By announcing our business decision in 2017, with three years’ advance notice, we believed that would allow sufficient time for developers, designers, businesses, and other parties to migrate existing Flash content as needed to new, open standards.”
For instance, Google dumped default Flash support in Chrome 76, while Mozilla also announced it would kill default support for Adobe Flash in Firefox 69. Microsoft disabled Flash by default in Microsoft Edge and Internet Explorer in 2019, and said it would fully remove Flash from both browsers in December 2020.
Until the official EOL, Adobe will continue issuing regular Flash Player security patches, maintain OS and browser compatibility, and features and capabilities (just earlier this month a critical Flash Player flaw was fixed).
Tim Wade, technical director and CTO Team at Vectra, applauded the move, telling Threatpost that Adobe Flash has had a long history of malicious use and abuse and replacement technologies have matured to the point of being viable alternatives.
“This is a change telegraphed years in advance to minimize business disruption, and it incentivizes the protection of internet users by forcing the migration of the web towards safer and more reliable open standards,” he told Threatpost. However, “Even with safer technologies in play businesses must still maintain diligence around their secure software delivery lifecycle, and users should still maintain awareness of basic safety and security on the web such as being mindful of the types of sites they visit, and where they share their personal data.”
Insider threats are different in the work-from home era. On June 24 at 2 p.m. ET, join the Threatpost edit team and our special guest, Gurucul CEO Saryu Nayyar, for a FREE webinar, “The Enemy Within: How Insider Threats Are Changing.” Get helpful, real-world information on how insider threats are changing with WFH, what the new attack vectors are and what companies can do about it. Please register here for this Threatpost webinar.
