Flash has become a nightmare for people in the security industry with tale after tale of vulnerabilities being found in the ancient development environment. But is it time to call it a day for the adobe flash player?
This may have already been answered for us with Adobe themselves saying in July 2017 it would be stopping distribution of the player and fully killing it off by 2020. (Adobe End Of Life Announcement ) Although, this could have been foreseen for a long while as Apple decided to ditch flash in 2010 from their IOS devices  with Android following suit in 2012. 
How will the web cope with the loss of flash from our browsers? Many companies will already be aware of this issue and started to migrate existing flash services to more up to date languages like HTML5. However, there are still many companies and services relying on flash for critical services like training materials, video players and even some login scripts.
(Not to mention the nostalgia of playing flash games!)
Most of the reason for flash being culled is the hacker’s paradise it created. Due to its age and the prevalence across the internet. This has meant so many hackers have been finding holes in this ageing language causing Adobe a large headache to keep up. The scale of the problem becomes clear from looking at the CVE numbers, over 667 exploits being found since 2015 and 321 being critical.  These exploits have ranged from the tame to background bitcoin miners to full remote code execution.
These vulnerabilities don’t just affect the web, these malicious flash scripts can be embedded into office documents which could then be emailed to a victim, highlighting the importance of disabling scripts as well as ensuring a robust email security solution.
Not all is lost if you still need to run flash player within your business, the latest versions of flash player has all current vulnerabilities patched. You can check if you are on the latest version here: http://helpx.adobe.com/flash-player.html
Flash losing popularity could be down to languages like HTML5 & WebGL appearing, which being a modern language are far more capable, efficient and has a greater focus on security.
Now that flash is officially dead we will see more companies removing legacy flash applications and moving across to more modern tools, although due to the investment this will take time so for now what can businesses do to protect themselves?
Companies should ensure they have up to date web gateway and email gateway protection to try strip out any malicious code that could be run. Also, if your business does not need to run any flash applications this can be disabled or made ‘click to play’ in the browser following the steps below.
(Flash could also be uninstalled from a PC to ensure it cannot be run)
Ant Robinson – Senior Cybersecurity Specialist
 Adobe – Flash & The Future of Interactive Content
 Apple – Thoughts on Flash
 BBC – Adobe Flash Player exits Android Google Play store
 CVEdetails.com – Flash vulnerabilities