Adobe announced that Flash Player will reach End of Life (EOL) on 31 Dec 2020, prompting users to uninstall the application as security fixes will not be released beyond this date. Adobe also urged users not to download Flash Player applications from third-parties, as these are likely to be malicious and put users at risk. Here’s a comment from Satnam Narang, Staff Research Engineer at Tenable discussing tactics cybercriminals are using to convince users to download and install malicious software.
“Adobe announced three years ago that Flash Player would reach End of Life (EOL) on 31 Dec 2020, giving developers, enterprises and users ample time to migrate to newer technologies. This means that after 31 Dec, users will no longer be able to install Flash Player on their computers because after it reaches EOL, Adobe will not release any security fixes for the application.
Cybercriminals are already targeting unpatched versions of Adobe Flash and creating websites masquerading as fake Flash Player updates to convince users to download and install malicious software. The EOL notice is another opportunity for cybercriminals to pivot their messaging, encouraging users to download a “final version” of Flash Player in one last-ditch effort to install malware on their systems. Users should heed Adobe’s warnings and uninstall Flash Player as soon as possible.” Satnam Narang, Staff Research Engineer at Tenable.