Back in the early 2000s, when the Internet was relatively new, people were focused on building things rather than destroying them. There were just 17 million websites online in the year 2000, compared to a billion today.
In those early days of the internet, Flash was seen as the next big thing. It enabled interactive web pages, online games, video and audio streaming, and even YouTube used it to display video content. Companies such as Nike, HP, Nokia, and Disney embraced the technology.
Very few voices noticed, back then, that Flash wasn’t built with security in mind, and that its jillion flaws would eventually backfire.
Last year alone, 313 Flash vulnerabilities were discovered, the grand total currently reaching no less than 700 flaws, according to CVE Details.
Flash, the most popular 0-day target
This technology is constantly under attack, and vulnerabilities surface every other day. Advanced persistent threat groups such as Pawn Storm leverage its design flaws. Eight of the top 10 vulnerabilities used by exploit kits last year targeted Adobe Flash, which is why you should be worried if you still have Flash enabled in your browsers.
This software is a favorite vector for carefully planned cyber attacks, and antiviruses can’t do much against it. In most cases, Flash Player exploits easily bypass security software and infect computers.
Flash ranked 3rd last year with its 313 vulnerabilities discovered. Only Mac OS X (384) and iOS (375) had a higher number of bugs, according to CVE Details.
Zerodium, the Zero Day broker that operates on the black market, offers up to $80,000 for a Flash vulnerability, among the highest amounts of money paid to bug hunters. Only iOS, Android, and Windows Phone flaws are better rewarded.
Usually, a Flash vulnerability is fairly easy to exploit. Ransomware creators, for instance, prefer to use Flash and Adobe Reader. These two technologies are "the easy mode" to roll out their stuff.
Websites are gradually switching from Flash to HTML5, which is a good thing and a strong signal that Flash is dying. Browsers are also taking a stand. Mozilla ditched Flash. Google doesn’t allow Flash ads, although it still uses the software embedded in Chrome; we hope it will disable it like Mozilla does.
It helps, to some extent, if you enable click-to-play for plugins in your browser or use a plugin such as Flash Control, available for both Google Chrome and Mozilla Firefox. Chrome provides better protection than other browsers, such as Internet Explorer, as it employs a sandbox. Yet this doesn’t mean it’s bulletproof, and you are better off disabling Flash for good.
You can also use a separate browser specifically for playing Flash content, and only go to trusted websites, like some big media streaming services.
Note that uninstalling Flash in Windows might be tricky. If you can't find it in the list of installed programs, then you will need to download a tool called uninstall_flash_player.exe from Adobe.
If security and privacy are important to you, then you should stop using Adobe Flash Player right now. There is absolutely no reason to continue using it if you care about your online safety and your data. By simply removing it, your computer security would improve by orders of magnitude.