NCSC Warns Admins Not to Disable Updates to Keep Flash Alive in 2021

A dire warning came from UK’s National Cyber Security Centre (NCSC), advising IT administrators not to disable the update mechanism to keep Adobe Flash past its end-of-life date, set for the end of 2020.

It’s been a long time coming. Adobe Flash is finally going away, with all of the major browsers pledging to remove it entirely from their software. Right now, browsers advise users that Flash is disabled, but users can still choose to enable it. After 2020, modern browsers will eliminate Flash support entirely, with no way of installing it.

The NCSC is trying to get ahead of the curve because some IT admins might take drastic measures to keep Adobe Flash Player alive, at the cost of security. One way to do that is to disable the operating system’s update mechanism or software to prevent automatic Flash removal.

“All of the major browser vendors have committed to removing Flash from their products entirely by the end of 2020,” says the NCSC.

“At that point, you won’t even be able to optionally turn it back on again. After 2020, you’ll have to use an old, unpatched version of your browser to continue using Flash Player. In the case of Edge, Internet Explorer and Safari, it will likely be necessary to disable the underlying platform’s update mechanism too. That would be very bad.”

Regular users will likely ignore this important event because it won’t affect them. But some Flash-dependent projects in large organizations will feel the impact. Developers, vendors and IT administrators will have to work together to remove any dependencies from existing projects.

Adobe is already committed to removing Flash from official web sources so users can’t forcefully install it afterward. Right now, the software has over 1,000 unpatched vulnerabilities, including some researchers discovered only two months ago.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Silviu STAHIE. Read the original post at: