Adobe Flash Player support ends on 12/31. prepare now.
Adobe Flash Player has had a good run.
But, as they say, all good things — if you can still refer to the glitchy, outdated software as such — must come to an end.
After December 31, 2020, Adobe will stop distributing and updating Flash Player — used for viewing multimedia content, executing rich internet applications, and streaming audio and video — just short of its 20th birthday.
“It's an archaic software, it is full of bugs, and over 1,000 vulnerabilities have been discovered since 2005. So it's something that Adobe has needed to discontinue for a while,” said Dylan Tomac, a threat and vulnerability analyst for the Information Security Office’s Cybersecurity Operations team.
Tomac is responsible for identifying and prioritizing vulnerabilities at the University of Utah and University of Utah Health, and helping departments patch their systems in order to keep the U safe and secure.
He’s also the person who will reach out to system owners 90 days before the Flash end-of-life (EOL) date to notify them that they need to discontinue use or convert their systems to new, open standards like HTML5. The Kronos team, for example, is already in the process of removing the plug-in from the university’s payroll and timekeeping website. Other university web developers, however, may need to do the same.
“We have a number of other hosted websites throughout the university for different departments that probably use Flash, and they need that reminder as well because they don't usually utilize it in a browser capacity but more as a functionality on their website, to have certain features and such,” he said.
The transition for those using Flash on their personal devices should be more seamless, Tomac said. While many major browsers will automatically disable Flash Player before its EOL date, users still may need to uninstall the software on their operating systems. (Access this UIT Knowledge Base article for more information on how to check whether Flash Player is enabled on your device(s) and how to uninstall it.)
After its EOL date, continued use of Flash will pose a significant security risk, especially to the university.
For example, Tomac said a threat actor could use it to hijack someone’s browser, exploit their system, and infiltrate the university network.
“If you're still using Adobe Flash after December 31, 2020, you could be the reason that an attacker gets into the university and steals our sensitive information,” he said. “And that's a big deal.”
The threat, he noted, isn’t university-specific. If you use Flash on a personal device after its EOL date, you’re putting your sensitive information at risk, too. For instance, you should avoid websites that continue to use Flash. If you find that a website you use often still runs on Flash after December 31, Tomac said sending an email to the company might be the push it needs to further secure its site and your data.
“Reach out and say, ‘Hey, this is not a secure website. I'm really afraid that my data is going to be exposed.’ And most of the time, that'll get a response,” he said.
The most important thing anyone can do — on the campus network or on your home network — is update your systems.
“Just make sure that your systems are patched,” Tomac said. “We could resolve a lot of our problems if people would just get on a regular patch schedule or just update their system when it asks them to update.”
More information
To learn more about the Adobe Flash Player end-of-life roadmap, visit the Adobe Flash Player EOL General Information Page. To learn how to find out whether Flash is enabled on your device(s) and how to uninstall the software, visit this UIT Knowledge Base article.
More information about the university’s Kronos upgrade, scheduled for late October, will be available soon. Details will be distributed through existing communication channels.
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.