Disabling and Removing Adobe Flash in Firefox and Chrome


For years now Adobe Flash has been more of a security liability than an asset for web users. While it was once a hallmark of interactive web content in the late '90s and into the 2000s, its usefulness has waned significantly with increased adoption of HTML5 and other methods of streaming video and building interactive content. Google recently announced plans to block Flash content within its Chrome browser, and YouTube has already dropped Flash video playing as a default in favor of HTML5 video.

The security track record for Adobe Flash has been especially dismal, with dozens of CVEs issued so far just this year. The Metasploit Framework contains dozens of built-in exploits for various versions of Adobe Flash by default as well, and there are more available online, so it's certainly a target for hackers looking for soft targets. Some of the exploits are shown in the following screenshot.

Adobe Flash exploits in the Metasploit Framework

The bottom line is this - unless you're absolutely dependent on a vendor's product that only supports Flash, you need to remove or disable it. 

On Windows, start by removing Adobe Flash from Add/Remove Programs in the Control Panel on legacy installations, or from Apps & Features in Settings on Windows 10. You can also download the Adobe Flash Player Uninstaller available from Adobe. In more modern versions of Windows you may not find Adobe Flash listed as an Application or App, because it's included instead as a browser plugin, which we'll address next.

Google Chrome

In Chrome, browse to chrome://plugins, which will show built-in and installed plugins. Adobe Flash is included by default with Chrome, so we just need to disable it. Click the "Disable" link for Adobe Flash Player, and it should change to this:

Google Chrome with Adobe Flash Player disabled

Flash content will no longer run in Google Chrome with the plugin disabled but, as we've already discussed, on the modern web you probably won't notice a difference.

Mozilla Firefox

In Firefox the steps are much the same as in Google Chrome. Browse to about:addons and click the Plugins link.

Mozilla Firefox Plugins

On the far right click the "Activate" dropdown and choose "Never Activate". At this point Adobe Flash is disabled in Mozilla Firefox.
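To confirm the Firefox setting across several profiles without opening each browser, the check below reads the `plugin.state.flash` preference that Firefox stores in each profile's `prefs.js`. This is an added example, not part of the original post; the sample profile contents are constructed, and the function names are illustrative.

```python
import re
from pathlib import Path

# Firefox plugin states: 0 = Never Activate, 1 = Ask to Activate, 2 = Always Activate
STATES = {0: "never-activate", 1: "ask-to-activate", 2: "always-activate"}

# Anchored at line start so commented-out lines ("// user_pref(...)") do not match.
PREF_RE = re.compile(r'^\s*user_pref\("plugin\.state\.flash",\s*(-?\d+)\s*\);', re.M)

def flash_state(prefs_text):
    """Return the Flash state recorded in a prefs.js body.

    'not-set' means the profile has no explicit entry, so the browser's
    built-in default applies and the profile should be reviewed by hand.
    """
    matches = PREF_RE.findall(prefs_text)
    if not matches:
        return "not-set"
    value = int(matches[-1])  # prefs are read in order; the last entry wins
    return STATES.get(value, "unknown(%d)" % value)

def audit(profiles):
    """Map profile name -> state, plus the profiles where Flash is not disabled."""
    results = {name: flash_state(text) for name, text in profiles.items()}
    failing = sorted(n for n, s in results.items() if s != "never-activate")
    return results, failing

def load_profiles(profiles_dir):
    """Read every <profile>/prefs.js under a Firefox Profiles directory."""
    return {p.parent.name: p.read_text(errors="replace")
            for p in Path(profiles_dir).glob("*/prefs.js")}

# Constructed sample data standing in for three profiles' prefs.js files.
SAMPLE_PROFILES = {
    "abcd1234.default": 'user_pref("browser.startup.page", 3);\n'
                        'user_pref("plugin.state.flash", 0);\n',
    "efgh5678.kiosk":   'user_pref("plugin.state.flash", 0);\n'
                        'user_pref("plugin.state.flash", 2);\n',
    "ijkl9012.test":    '// user_pref("plugin.state.flash", 0);\n'
                        'user_pref("plugin.state.java", 0);\n',
}

if __name__ == "__main__":
    results, failing = audit(SAMPLE_PROFILES)
    for name, state in sorted(results.items()):
        print("%-20s %s" % (name, state))
    print("Flash not disabled in:", ", ".join(failing) or "none")
```

Pass `load_profiles()` the Profiles directory of a real installation in place of `SAMPLE_PROFILES` to audit a machine; Firefox rewrites `prefs.js` on exit, so run the check with the browser closed.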
