Out-of-Date Applications Rank as a Top Vulnerability–Do You Still Have Flash Installed?

When it comes to out-of-date applications, please don’t ignore them. While Adobe’s Flash Player officially hit its end of life on January 1, 2021. Businesses all over the world still have Adobe Flash installed, making the risk greater than ever. While the life of Flash may have ended, it lives on in hundreds of thousands to millions of computers, creating lasting vulnerabilities to organizations.

Why does out-of-date Flash matter? 

If there’s an old version of Flash running somewhere in your organization, it can have over one thousand known vulnerabilities, and Adobe is not providing fixes any longer. In simple terms, it’s a cybersecurity nightmare. The nightmare of Flash is proven by the fact that it ranks 14th on the list of products ranked by number of vulnerabilities. Flash has made the CISA’s list of the ten most exploited vulnerabilities for the last three years.

Why is Flash so hard to get rid of?

First and foremost, Flash could be embedded into critical systems within your organization. Don’t be fooled into thinking that Flash is just about online ads. Numerous early applications and websites went with Flash because of its animated “next-generation” look and feel. Additionally, some Firewalls, switches, access control systems, and more require Flash to administer them. Because it is intertwined so deeply into systems, it isn’t easy to get rid of it even when you want to. 

While a good IT security team will identify all the software and firmware that could be using Flash when they create an upgrade plan, it can sometimes be challenging to achieve this because of Flash dependencies of other systems within the organization. It’s not always as simple as just upgrading the dependent systems, because there may either be no newer versions available, or those systems may be at its end-of-life too, like Flash.

In this case, your IT security team will need to create a security zone around the vulnerable system to protect your overall organization until you can replace the insecure systems.

It might seem more straightforward to make sure everything is running on the newest versions. “Easier said than done”, say the experts. Not every business machine is always able to run on the latest versions, or firms are using two or three generations old devices. All of this plays a role in the vulnerability of current systems.

If your organization is looking to update software or systems, make sure to consult your IT security team and create a thorough plan for all software and firmware related to the desired updates. If your organization is needing support from a professional and experienced IT team, PK Tech can help. Contact us here.