UK NCSC: Don't disable updates so you can continue using Adobe Flash past its EOL
The UK's cyber-security agency warned on Wednesday of the dangers and complications that may arise from not removing Adobe Flash Player and continuing to use the software past its end-of-life (EoL) date of December 31, 2020.
Problematic scenarios include enterprise and other networks where legacy web apps and desktop software still use Flash to display multimedia content or support features like file uploads, file explorers, loading screens, and more.
The UK National Cyber Security Centre (NCSC) fears that some system administrators —with disregard for the security of their network— might make the wrong decision and disable update mechanisms in these applications or web browsers so employees can continue using these apps.
"Just to be clear: You should not disable browser and/or platform updates as a way of continuing to use Adobe Flash Player after 2020," the agency said on Wednesday. [Emphasis by the NCSC]
"Instead, we encourage you to work alongside your suppliers to remove Flash dependencies. Any vendors that are unwilling, or unable, to do this should, themselves, be considered risky."
Some software providers like SAS, Citrix, Articulate, and others have already released updates and customer guidelines in preparation for the Flash EOL. Others may have not, and system administrators may need to intervene and remove the software from their networks and find a Flash-free alternative.
But if there's one thing that IT administrators can't say is that they've been taken by surprise. Adobe gave companies a three-year start to prepare for the Flash EOL, having first announced it in 2017.
Browser makers like Apple, Google, Microsoft, and Mozilla have all announced they also planned to remove Flash from their products by the end of 2020 or late January 2021, making playing any Flash content inside their products impossible.
In a recent update to the Flash EOL page, Adobe itself has asked companies to be proactive about the EOL and remove the software even before the end of the year, even planning to manually prompt users to uninstall Fash later this year.
This is the second time that the NCSC has stepped forward to issue a warning to UK IT admins about a soon-to-be EOL software application. The agency published a similar alert in August 2019 to urge software developers to migrate their code to Python 3.x as the Python 2.x branch was nearing its scheduled EOL date of January 1, 2020.