Flash is apparently indestructible

Posted July 29, 2015

Adobe Flash has had better PR. The media went rampant on Flash for its constant vulnerabilities. Through the HackingTeam leak, there were at times 3 unpatched critical vulnerabilities present, many high profile researchers and journalists were calling on people to uninstall Flash, Mozilla put Flash on their blocklist (only enabled with Click-To-Play), yet Flash seems to be indestructible.

We’ve seen Flash dipping across our Digital Identity Network powered by over 3,500 customers and over 15,000 websites worldwide on July 14 (see last post) and we were already excited that the everyday people would notice something security related.

Unfortunately this excitement didn’t last and Flash seems to be indestructible. The following graph shows the percentage of Transactions that have Flash enabled across all of our Global Digital Identity Network.

flash_transactions

This is simply unbelievable. There is a dip on July 14, but the Adobe Flash usage hasn’t significantly dropped.

It seems that this is another case where security alerts and advisories are only heard by the converted (security professionals) and not the people who are most at risk.

 

Andreas Baumhof

Andreas Baumhof

Chief Technology Officer, ThreatMetrix

close btn