The UK’s National Cyber Security Centre (NCSC) has issued a warning alerting users and system administrators to the risks of using the Adobe Flash Player plugin after the software reaches its end-of-life (EOL) date, set for December 31, 2020.
As the cyber security agency explains, Flash Player is plagued by more than 100 recognized vulnerabilities, including critical bugs disclosed as recently as June 2020. By exploiting these flaws, attackers could compromise targets via adverts or distribute ransomware.
“Vulnerabilities in Flash are concerning, but from next year, such vulnerabilities could remain unpatched indefinitely, just waiting to be exploited. At that point, reliance on Flash Player could be disastrous,” the agency warns.
One of the NCSC’s main concerns is that enterprise and other networks that rely on legacy web apps and desktop software will continue to use Flash to display multimedia content or support features like file uploads, file explorers, loading screens, and so on. The fear is that, to keep these apps usable, some system administrators would disable the update mechanisms in these applications or web browsers.
“Just to be clear: You should not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020,” the agency said.
“Instead, we encourage you to work alongside your suppliers to remove Flash dependencies. Any vendors that are unwilling, or unable, to do this should, themselves, be considered risky,” the NCSC added.
In June, Adobe itself recommended that users uninstall Flash Player before the EOL date.