The official end of Adobe Flash Player is finally here, but the unofficial truth is that it won’t disappear overnight from the Internet. It will remain a security risk for a long time. The problem with software reaching its end of life is that it will usually be used long past its expiration date.
A similar issue affects patches for critical vulnerabilities, with organizations and regular users failing to upgrade their systems quickly.
The Adobe Flash Player used to be a popular tool for web design, but it had numerous security problems. Apple was the first major company to do something about it, announcing in 2010 that it would eventually drop support for the software.
It took the industry a decade to reach this point, and it’s finally here. Flash Player reached end of life, and Adobe says that it no longer provides updates. But what does it really mean? There’s no magic button to turn it off, so it’s going to remain implemented in websites, games, and other software until developers finally replace it. Given that Flash was at one point installed on 99 percent of all devices, this process will take a while.
The good news is that all major browsers took steps to prevent people from running websites that still have Flash installed, but there will always be some users bypassing such restrictions.
Making matters worse, some bad actors have been using Adobe Flash Player-like update notifications to trick people into installing malware.
It’s not enough to rely on browsers for security; it’s a good idea to always have a security solution installed on endpoints. Now that Adobe no longer provides security updates of any kind, hackers and other threat actors will work overtime to find new vulnerabilities that they know will never receive a patch. The same happened when Windows XP and Windows 7 reached end of life, and there’s no reason to believe that it won’t be the same with Adobe Flash Player.