Here’s the very best advice on what you should do with Adobe Flash

On Tuesday, Adobe released a critical update patching over 50 security holes in its Flash Player plugin.

Security blogger Brian Krebs says it better than me:

It’s bad enough that hackers are constantly finding and exploiting zero-day flaws in Flash Player before Adobe even knows about the bugs.

The bigger issue is that Flash is an extremely powerful program that runs inside the browser, which means users can compromise their computer just by browsing to a hacked or malicious site that targets unpatched Flash flaws.

The smartest option is probably to ditch this insecure program once and for all and significantly increase the security of your system in the process.

That seems pretty reasonable to me.

Here is our guide on how you can update Adobe Flash on your computer or (even better) uninstall it entirely.

If that seems too drastic a step for you to take right now, at the very least consider enabling “click to play” to reduce the chances of attackers exploiting Flash as you browse the web.

The full advisory on the Flash security vulnerabilities can be read on Adobe’s website, as can details of the security update they have released for another of their beleaguered products – Adobe Reader.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast.

16 comments on “Here’s the very best advice on what you should do with Adobe Flash”

  1. Joe 'flash' user

    Perhaps you and Brian can get together this weekend and rewrite all of the commercial software that uses Flash in HTML5. I'm sure that the two of you will be able to do this without difficulty.

  2. PeterfromMesa

    Suppose we delete Flash; then what? What do we use to view the content on most of the Web pages we visit?

    1. Graham Cluley · in reply to PeterfromMesa

      iOS users seem to manage just fine.

      Seriously, a half-way house is to enable Click-to-Play. I've described how to do that, and its benefits, here: https://grahamcluley.com/enable-click-play-adobe-flash/

    2. Bob · in reply to PeterfromMesa

      Most websites, YouTube does this, fall back to HTML5 or some other media provision when they detect Flash is unavailable.

      Or carry on using Adobe Flash at your risk. I've given some additional suggestions in another comment.

  3. paul

    ok I will remove, but many apps say they cannot run and need flash, as a computer infant, how do I get around this?

    1. Bob · in reply to paul

      Remove Adobe Flash and then install Google Chrome. That still uses Flash BUT NOT Adobe Flash. The version of Flash that Chrome uses is kept more up-to-date. And then enable click-to-play as Graham suggests for extra security.

      In terms of mitigating the risk caused by such exploits consider installing something like Malwarebytes Anti-Exploit. The free version protects your browser – you probably won't need the paid version. You should use this IN ADDITION to your normal anti-virus software and firewall.

      https://www.malwarebytes.com/antiexploit/

      1. Steve Moreau · in reply to Bob

        Malwarebytes Anti-Exploit is an excellent way to mitigate the risk of malware triggering on your PC, but it's not free (there is a free trial) and it's not an option for OS X.

        1. Bob · in reply to Steve Moreau

          Steve, it IS free. Take a look at their website again ;-)

          They give you a 14-day free trial of the Premium Features and after the 14-days it downgrades to the Free version.

          The free version only provides you with:

          "Shields browsers and add-ons"
          "Shields Java"

          All the other premium features get deactivated after 14-days unless you pay £20 per year.

          The free protection is sufficient for those not willing to fork out for it.

          https://www.malwarebytes.com/antiexploit/

  4. proud bay man

    Trashed it several months ago. Don't miss much.

  5. rick

    So will Adobe start shelling out money for malicious damage done to users' computers as a result of their crap? No they won't .. it's your problem.

    As long as Adobe Flash exists we will never be free!

    1. Mike · in reply to rick

      Didn't you mean "As long as applications using Flash exist" ???

  6. Dav_Daddy

    I don't see why Adobe doesn't release Flash open source?

    It's not like they have made money from Flash in ages if ever. The cost of paying the team responsible for writing this constant flow of patches has to be costing more than they make from selling the tools to author Flash content. That's assuming they even sell them any longer? Didn't they announce they were retiring Flash back in 2012?

    Open that sucker up and let the community maintain it.

    1. Bob · in reply to Dav_Daddy

      Because it's commercial software.

      Remember that Open Source doesn't equal security. Look at OpenSSL (Heartbleed et al.), Bash and all of the other vulnerabilities that have lurked in open source software for YEARS simply because the programmers/people reviewing the code:

      were not skilled enough
      didn't have enough time on their hands
      not motivated to look for vulnerabilities
      overlooked something which appeared 'okay'
      were too busy developing their own forks

      Open Source is good but the waterfall of vulnerabilities in Open Source doesn't make it any more secure from common vulnerabilities.

      Open Source IS good for allowing people to check if there are any backdoors but then again all the best backdoors are designed to look like simple programming errors and we all know that the unpaid community have left these vulnerabilities un-repaired and open to hackers for years.

  7. Joe

    Unfortunately, even though Flash is evil and has always been evil, MOST webpages and a very large number of businesses —INCLUDING __YOUR__ BANK — use Flash.
    Why?
    Because it is so easy to program Flash and the product is so, well, Flashy and comic-book like that it appeals to and can be programmed by children.

  8. Snowhawke

    I have had nothing but problems with Adobe Flash on Firefox recently. It crashes and then freezes on certain sites.
    I have been using the Avast Safe Zone browser instead of Firefox. It will not even open some sites, but no crashes yet.

  9. Burt

    This is complete nonsense. I've been working in IT for over 20 years and I have never once encountered a situation where a computer was compromised due to Flash. This rampant Flash hysteria smacks of a concerted effort to defame Adobe. It probably started with Apple and now every Tom, Dick, and Harry is jumping on the bandwagon and parroting the incessant propaganda.
