The word has been out for some time — since July 2017 according to the Adobe Flash Player EOL page — but the news bears repetition. The Adobe Flash Player (and hence also the Adobe Flash format) hits EOL after December 31, 2020. That means on New Year’s Day (January 1, 2021), Adobe and its partners will no longer distribute or update the Adobe Flash Player. It’s the end of a Web era, for sure, and one that many security experts have argued is long, long overdue because of the Flash format and its player’s many, many security vulnerabilities. Anyone who’s used Windows for the past decade or longer recognizes Flash Player security updates as a reasonably frequent item amidst Patch Tuesday elements. Thus, for example, the current Flash Player version was updated once in 2018, 6 times in 2019, and has been updated twice in 2020 so far (see the Security Updates for Adobe Flash Player page for more details, and a thorough history back through version 9.x).
What’s It All Mean, Mr. Wizard?
According to the EOL page itself, Adobe’s decision comes from the proliferation and update of “open standards such as HTML5, WebGL, and WebAssembly.” These have “grown and matured,” in Adobe’s words, and now “serve as viable alternatives to Flash content.” The real reason for its EOL comes in the sentences following the company’s answer to “Why did Adobe decide to EOL Flash Player and select the end of 2020 date?” They read as follows (I added the bold emphasis):
Also, the major browser vendors are integrating these open standards into their browsers and deprecating most other plug-ins (like Adobe Flash Player). By announcing our business decision in 2017, with three years’ advance notice, we believed that would allow sufficient time for developers, designers, businesses, and other parties to migrate existing Flash content as needed to new, open standards.
Adobe’s going a bit further than just declaring dates and end of support. They’re apparently planning what Sergey Tkachenko at WinAero.com calls a “time bomb,” too. Here’s what Adobe plans to do starting on January 1, 2021, according to the same EOL page:
Adobe will be removing Flash Player download pages from its site and Flash-based content will be blocked from running in Adobe Flash Player after the EOL Date.
Tkachenko speculates that this means the Flash Player, if run on or after January 1, 2021, will check the date. Finding it is past the expiration date of 12/31/2020, it will refuse to play Flash content. That really, truly spells the end of Flash as we’ve known it, especially given that Firefox and Chrome stopped supporting Flash recently (see this Informetica item entitled “Firefox and Chrome Flash Support”). Their approach is to refuse to handle .swf and .flv Flash files, and to block Flash plugins by default. IE and Edge, however, still support Flash, though a Flash Player extension is not available in the Edge Add-ons store.
Hopefully, you’re not visiting too many websites that still use Flash. I can’t remember the last time I did myself. I’m guessing there will be minor hiccups in the wake of this EOL, but for the most part it should come as something of a relief — especially to security professionals.
Author: Ed Tittel
Ed Tittel is a 30-plus-year computer industry veteran. He’s a Princeton and multiple University of Texas graduate who’s worked in IT since 1981 when he started his first programming job. Over the past three decades he’s also worked as a manager, technical evangelist, consultant, trainer, and an expert witness. See his professional bio for all the details.