Cygilant Blog

Is It Time to Disable Flash Once and For All?

Posted by Trevan Marden on Jul 28, 2015

With more zero-day exploits for Flash being released – including notable recent revelations that arose from the Hacker Group hack – security experts everywhere are mulling the benefits and risks of enabling Flash. 


The Internet is dumping Flash for HTML5. While Flash was once the preferred format for interactive content that could integrate fluid elements, graphics and even video, Flash is rapidly being phased out in favor of HTML5. The latest HTML standards include so many dynamic elements that using Flash is an outdated approach. Coupled with the ongoing security concerns related Flash-based “drive-by” malvertising attacks, many are asking themselves, "Is it time to disable Flash once and for all?


Do you use Flash? Many people don’t. YouTube adopted the HTML5 standard for video earlier this year and other sites have followed suit. Netflix previously used Silverlight and is moving to HTML5 rapidly across platforms. While a few sites might still require Flash to access a piece of embedded content, most no longer do. Many ads, however, still use Flash, which can create a vector for malvertising to infiltrate your system with a drive-by or targeted attack.


Take the test. Not sure how often you use Flash? You don’t have to completely uninstall or disable Flash to improve your security. Consider enabling ‘click to play’ for Flash content in your browser. By default, Flash content will appear as a greyed-out box with a prompt to click to enable the content. You can then decide on a case-by-case basis if the content is worthy of loading, while blocking all the suspicious and unnecessary Flash content.

What do you think? Is there a good reason to leave Flash enabled?


Tags: Endpoint Security

Most Recent Posts

Subscribe to the Cygilant Newsletter