Adobe’s Flash Player officially hit its end of life on January 1, 2021. It was a security risk while it was still alive. To data centers, it’s even more of a risk now that it’s dead.
That’s because the technology is often embedded into other systems, some of which may be critical for data center operations.
A Troubled History
The tool, known at the time as Macromedia Flash, was first released 25 years ago to add interactive graphics to websites. In addition to making the internet more annoying, it was used for casual games like Zynga’s FarmVille (which sucked up endless work hours, destroying productivity).
The proprietary platform was often criticized for its non-standard design, problems with accessibility, its tendency to degrade performance, and its abuse by advertisers.
More critically, it was a cybersecurity nightmare. Last spring, Flash made the list of CISA’s ten most exploited vulnerabilities of the previous three years. Mitre lists more than 1,000 Adobe Flash vulnerabilities.
Flash ranks 14th on the list of products ranked by the number of vulnerabilities — one of only two applications in the top 25 that aren’t operating systems or browsers. The second one, Acrobat, is also an Adobe product.
At its worst, in 2015, four of the five most exploited zero-days were in Flash, according to Symantec.