Security-conscious IT administrators around the globe know that they shouldn’t really have Adobe Flash in their organisation.
It’s not as if Adobe Flash has a future.
Last year, Adobe announced that it will be no longer be updating or distributing Flash Player at the end of 2020 and is encouraging content creators to migrate to non-Flash formats.
Read that again. After 2020, there won’t be any more security updates for Adobe Flash Player. Which means that if new remotely exploitable vulnerabilities are found (as they surely will be), it won’t matter how long you wait until Adobe gets around to distributing a patch, as it won’t be coming.
Of course, this is a problem for all businesses that may have computers running Flash Player or may be reliant on websites that use Flash content. If they haven’t already done so, they need to think about what they are going to do to migrate seamlessly away from Flash and ensuring that the program is disabled or uninstalled from their population of PCs.
In short, eradicate Flash and use an alternative such as HTML5.
For some companies, that’s going to be a significant job. And it may be an even bigger challenge for very large organizations such as the U.S. government.
Oregon senator Ron Wyden highlighted the issue this week with a letter he wrote to government agencies responsible for federal cybersecurity. In it, he called on the Department of Homeland Security (DHS), NSA, and NIST to work together to end the U.S. government’s use of Adobe Flash before it’s too late:
The federal government has too often failed to promptly transition away from software that has been decommissioned. (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/senator-government-killing-flash/