Adobe Flash support will end on December 31, 2020

It’s the end of an era: the long-awaited end-of-life (EOL) for Adobe Flash will arrive on December 31, 2020. After that, Adobe and its partners will no longer support Flash, and the software will receive no additional updates.

In this short article, we’ll answer some common questions about this important transition, and let you know what it means in terms of security and privacy.

What is Flash?

Flash is a software platform that can be used to create graphics, animations, games, and embedded video players. At its height, Flash was widely used by web developers to provide multimedia content on websites, but over the years the technology has been superseded by open standards like HTML5 and WebGL.

Why is this happening?

In order to display Flash content, web browsers require the Adobe Flash Player plugin. However, there have been security concerns about Flash for years (Steve Jobs was publicly criticizing Flash as far back as 2010, and wouldn’t allow it on iOS), and recently, major browser vendors have stopped supporting Flash in various ways. Apple, for example, disabled Flash by default in Safari 10, although users still had the option to manually enable Flash content if they wanted. 

The end of Flash, then, has been a long time coming. In 2017, after years of criticism from the security community and lack of support from browser manufacturers, Adobe finally announced their decision to discontinue support for Flash, setting an EOL date of December 31, 2020. The long delay was meant to allow web developers and business owners sufficient time to migrate their existing Flash content to a more up-to-date alternative.

Will Flash still work after December 31?

On macOS, all support for Flash has already been removed from Safari 14, which ships with macOS 11 Big Sur: Flash simply doesn’t work in the latest version of Safari, and there’s no way to enable it. 

Everyone else is phasing out Flash support in their own way. The Firefox web browser, for example, will strip out all support for Flash when Firefox version 85 is released on January 26, 2021. Microsoft simply made the automatic removal of Adobe Flash Player part of an October 2020 Windows 10 update.

Adobe is encouraging users to uninstall Flash from their systems if they haven’t done so already, and will remove all download links for Flash Player from its website at the end of the year. All Flash content will be blocked in Flash Player after December 31 as well. 

Users with older OSes or browsers that support Flash are advised to completely remove Flash Player from their systems, since Adobe will no longer be issuing patches for the software, and therefore any remaining legacy versions of Flash have to be considered vulnerable.

What does the end of Flash mean for security and privacy?

On the whole, the end of Flash is a good thing for security and privacy.

For one thing, there have been multiple Flash security vulnerabilities over the years, so it’s great news that the technology will now be replaced by more secure open standards.

In addition, bad actors have often used fake Flash Player updates as a way of spreading malware. This has been one of the most consistent delivery vectors for Mac malware: Users are told that their desired video content can not be played until they update Flash Player, but when they download and run the “Flash update installer”, their Macs become infected with adware and PUPs—or sometimes even more serious threats. Once Flash is gone for good, and comes to be perceived by the general public as truly obsolete, it should be much harder for the bad guys to trick people into downloading malicious Flash updates. 

In terms of Flash security going forward, after December 31, no one should download a Flash update or installer again, since by definition it will not be an officially supported version—and will very likely be malicious. If you know someone who is a bit less tech savvy than you are, take a moment to let them know that all support for Flash is ending, that they should uninstall any remaining Flash components on their systems, and that they should treat any future requests to install Flash as malicious.