For a long time we struggled with its weaknesses, now the last days are numbered: the Adobe Flash Player finally says goodbye to the big stage at the end of the year. A swan song from Sophos.
One learns to live with some cybersecurity difficulties. IT security companies have been describing the pitfalls and curiosities of the (mostly) usual suspects for years. Sometimes with a shake of the head, sometimes angry and sometimes with a bit of fatalism, for example, it's about the fact that Windows still does not display file extensions by default, that IoT devices with elementary security errors are distributed or that Apple has stubbornly refused to report security corrections for so long until they are then revealed. And Flash was always a very special security patient. Until now.
The end of the farewell tour
Because for Adobe's technology for interactive graphics, after a three-year farewell tour at the end of the year, the last curtain will actually fall, at least on the Windows stage. As early as 2010, Apple banned Flash from its iOS ecosystem: no access for Flash and applications with it. In 2011, Adobe announced itself that it would give up Flash technology for mobile devices. However, probably more because of user pressure than a burning desire to keep Flash alive, the company continued to provide updates and security patches to desktop computers for several years. In July 2017 it was finally announced that it would stop updating and distributing the Flash Player by the end of 2020. Developers were advised to migrate Flash content to other formats in good time.
Cyber criminals love Adobe Flash
Cyber criminals were able to use the involuntarily supplied "options" for themselves. They misused Flash vulnerabilities not only to harass users with fake or misleading content, but also to bypass browser restrictions, spy on settings, read files on the hard drive or finally infect computers with malware. Worse still, flash bugs seemed to show up very often as zero-days, which are security holes that attackers attack before a patch is available. Even the most disciplined and fastest system administrators hardly had a chance of a saving advantage here. Flash was and is a darling of cyber criminals.
Is the end really near now?
Is December 31, 2020 really the end? Is the Flash player actually disappearing from the stage? Even though there have been so many additions already, considering Flash has been redundant in browsers since HTML5 came out in 2014? It looks like it. Anyway, update KB4577586 entitled “Adobe Flash Player Removal Update: October 27, 2020” sounds serious: “Removes Adobe Flash Player from your Windows device”. And: "After this update is applied," the KB article continues, "this update cannot be uninstalled."
More on this at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.