“What now? My farm is no longer working. Can you have a look, honey?”
Like millions of other people my wife likes to play online browser games. You know, the ones that don’t require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make progress in the game.
So, when her browser refused to open her virtual farm, and there were many, many other users like her, this caused some turmoil in the community. Especially when some of the developers acted as if it came as a surprise and took their time to decide what to do next.
Facebook and some other social platforms used to host a ton of these games and what most had in common is that they were using Adobe Flash Player for their animations. Flash let web designers and animators deliver animated content that could be downloaded relatively quickly.
But as of last month, the major browsers have stopped supporting Adobe Flash Player after Adobe itself announced to stop support as of the 31st of December 2020. Specifically, Adobe announced years ago that it will stop updating and distributing Flash Player.
What caused this end of life?
Adobe Flash Player has seen more than its fair share of exploits and vulnerabilities. Arguably, it's because the software was so popular that it made for an attractive target, but since it was based on a 1996 release it may have become impossible to keep on patching it. Developers are changing to HTML5, and other options, to produce new content.
Advice for Flash users
Home users should uninstall Adobe Flash Player as it will no longer receive any security updates. The general feeling among security professionals is that it will not take long before unpatched vulnerabilities will be exploited in the wild. In some cases, simply having Adobe Flash Player installed is all it takes to compromise your system. So, if there are no legitimate use-cases left, don't run the risk of having it installed. Adobe has instructions for removing Flash on Windows and Mac computers on its website.
It could be a different scenario for business users, as some companies may still be using Adobe Flash Player for internal use. As it stands, it will become increasingly difficult to maintain this situation since Adobe will prevent Flash Player from displaying content from 12 January 2021.
If your site is reliant on the plugin for developing or playing content, it’s high time to consider a revamp of your website content. Adobe has some options for its customers who were taken by surprise.
Expected cybercrime abuse
We've seen fake Flash Player updates for years, which are in reality bundlers that sometimes include the actual latest version of Flash but might just as easily include older versions or no version of Flash at all. We suspect these will continue to show up. They might even become more popular as people have no way of finding legitimate versions and updates.
You may also see malicious campaigns promoting alternatives for playing Flash content, which could in reality install any kind of malware or potentially unwanted program.
And there may be some exploit kits that will take it upon themselves to incorporate all the latest vulnerabilities in their setup to victimize those that still have Adobe Flash Player installed.
End-of-life (EOL) is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance. Adobe announced this EOL in 2017, so most developers should have been aware. Many will be sad to see it go and some will be glad to point it to the door. Our advice will be the same as always.
Stay safe, everyone!