Adobe Flash has long been an attractive web attack vector for adversaries who want to exploit and compromise systems. However, as the amount of Adobe Flash content on the web continues to decline— and awareness about Flash vulnerabilities grows—it is becoming more difficult for cybercriminals to exploit users at the scale they once enjoyed.

Adobe itself is moving away from full development and support of the software platform and has encouraged developers to adopt newer standards such as HTML5.⁷ Providers of popular web browsers are also taking a strong position on Flash. For example, Google announced in 2016 that it will phase out full support for Adobe Flash on its Chrome browser.⁸ Firefox is continuing to support legacy Flash content, but it is blocking “certain Flash content that is not essential to the user experience.”⁹

High