{"id":88523,"date":"2018-04-17T06:00:02","date_gmt":"2018-04-17T13:00:02","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=88523"},"modified":"2025-05-29T03:28:29","modified_gmt":"2025-05-29T10:28:29","slug":"despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/","title":{"rendered":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern"},"content":{"rendered":"<p><em>This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny<\/em><\/p>\n<p>McAfee Advanced Threat Research team analysts have studied Adobe Flash Player for years because it is a popular target for attacks. As always, we advise customers to remain current with McAfee\u2019s latest DAT versions. In this post we want to provide some insight into the history of Flash exploitation and possible future trends.<\/p>\n<p>Morphisec <a href=\"https:\/\/blog.morphisec.com\/cve-2018-4878-an-analysis-of-the-flash-player-hack\" target=\"_blank\" rel=\"noopener\">published<\/a> an analysis of a new set of Flash flaws, CVE-2018-4878, that have been exploited in the wild. Hardik Shah of McAfee Labs <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/hackers-bypassed-adobe-flash-protection-mechanism\/\">posted<\/a> a technical analysis of CVE-2018-4878\u2019s mechanisms on March 2:<\/p>\n<p>\u201cThe number of Flash Player exploits has recently declined, due to Adobe\u2019s introduction of various measures to strengthen Flash\u2019s security. Occasionally, however, an exploit still arises. On January 31,\u00a0Kr-Cert reported\u00a0a zero-day vulnerability, identified as CVE-2018-4878, being exploited in the field. (Adobe has released\u00a0<a href=\"https:\/\/blogs.adobe.com\/psirt\/?p=1522\" target=\"_blank\" rel=\"noopener\">an update to fix this flaw<\/a>.)\u201d<\/p>\n<p>Details about McAfee protections covering CVE-2018-4878 appear at the end of this article.<\/p>\n<p>This post will examine the history of Flash\u2019s issues since the first Common Vulnerabilities and Exposures (CVE) list for Flash was published in 2006. By examining some of the data, both users and owners of sites that employ Flash can better understand Flash flaws and why Flash will continue to interest attackers, even though Adobe <a href=\"https:\/\/theblog.adobe.com\/adobe-flash-update\/\" target=\"_blank\" rel=\"noopener\">will discontinue development<\/a> of Flash in 2020.<\/p>\n<p>We examined historical Flash data regarding vulnerabilities. We also accounted for the current distribution and uses of Flash. Through this analysis, we believe that despite Adobe announcing Flash\u2019s end of life, a number of sites will continue to use and depend upon Flash for at least the immediate future, even as sites convert to alternative technologies. (See the list of example sites, below.) Flash continues to offer attackers an exploitable collection of flaws for the immediate future.<\/p>\n<p>The following chart uses CVE data. Although not every exploitable and exploited condition receives a CVE entry, most flaws that are discovered through security research or reported against major software vendors\u2019 products eventually gains a CVE number that is posted to the <a href=\"https:\/\/cve.mitre.org\/\" target=\"_blank\" rel=\"noopener\">CVE database<\/a> kept by Mitre. Therefore, CVE offers a convenient repository of vulnerability data to aid research.<\/p>\n<p>There was a steady increase in reported vulnerabilities between 2006 and 2014. Then we saw a big jump in 2015 and 2016. Of the 1,050 issues, about 79% (830) gave attackers some sort of code execution capability, though not every one of those 830 flaws allowed remote code execution. Still, an attacker gains a significant advantage from running any code. The McAfee Labs <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/hackers-bypassed-adobe-flash-protection-mechanism\/\" target=\"_blank\" rel=\"noopener\">analysis<\/a> shows that CVE-2018-4878 was another example of remote code execution, which usually leads to full compromise. This point suggests that Flash vulnerabilities will remain a significant target.<\/p>\n<p>The data source <a href=\"https:\/\/www.cvedetails.com\/\" target=\"_blank\" rel=\"noopener\">CVE Details<\/a> offers the following distribution of Flash CVE vulnerabilities:<\/p>\n<p>In 2015 through 2017, 81% of flaws resulted in code execution of one form or another.<\/p>\n<p>CVE Details also assigns Flash issues with <a href=\"https:\/\/www.cvedetails.com\/cvss-score-charts.php?fromform=1&amp;vendor_id=&amp;product_id=6761&amp;startdate=2006-01-01&amp;enddate=2018-03-07&amp;groupbyyear=1\" target=\"_blank\" rel=\"noopener\">Common Vulnerability Scoring System scores<\/a>. Many issues from 2015\u20132017 earned scores above 9, which is considered severe.<\/p>\n<ul>\n<li>2015: 294 vulnerabilities \u2265 9<\/li>\n<li>2016: 224 vulnerabilities \u2265 9<\/li>\n<li>2017: 60 vulnerabilities \u2265 9<\/li>\n<\/ul>\n<p>These severe scores further highlight why attackers remain interested in exploiting Flash weaknesses; they offer significant \u201cattacker value\u201d for the effort required to exploit them.\u00a0 Looking at the historical distribution of issues, we see a spike in 2015. Then the spike drops off. It was in the latter part of 2014 that Adobe adopted a change in their software security strategy.<\/p>\n<p>\u201c\u2019Finding and fixing bugs isn&#8217;t the way to go, it&#8217;s &#8230; making it harder and more expensive for [attackers] to achieve an outcome,\u201d said Adobe\u2019s Chief Security Officer, Brad Arkin, <a href=\"http:\/\/www.theregister.co.uk\/2014\/10\/16\/adobe_clicktoplay_would_have_avoided_java_zeroday_masscare\/\" target=\"_blank\" rel=\"noopener\">at a conference in October 2014.<\/a> He urged organizations to stop patching every vulnerability and instead increase the cost of exploitation to frustrate attackers. \u201cThe bad guys aren&#8217;t stupid,\u201d he added. \u201cThey are going to apply their resources in the [most] cost efficient way possible, and so they seek to minimize the cost of developing an exploit.\u201d<\/p>\n<p>Adobe\u2019s shift in software security strategy has been to make exploiting issues prohibitively expensive so that attackers will find easier, less resource-intensive, and perhaps more reliable methods. Rather than chase every flaw, Adobe\u2019s approach focuses on building defensive techniques that protect vulnerabilities, just as standard secure development life cycle techniques attempt to prevent new vulnerabilities from being released.<\/p>\n<p>Little in software development happens immediately, especially on a large scale. There is typically a lag\u2014usually one to two years\u2014between a strategy shift and results. In any event, the first issues to be eliminated are often the easiest to fix. As the program\u2019s effectiveness improves, resources are available to address harder problems.<\/p>\n<p>Brad Arkin spoke about a strategy shift in the fall of 2014. We expected that shift to take time, and that is what we see in the data: In 2016, the number of newly discovered issues began to decline. However, the steep increase in vulnerabilities in 2015 and 2016 requires some additional examination.<\/p>\n<p>When security researchers focus on a code base, they generally start by finding the easiest-to-discover issues. As these are found and fixed, researchers probe deeper, shifting to techniques that increase in difficulty. Due to this ever-increasing difficulty, we often see a decrease in discoveries; it takes more time and effort to uncover tricky issues.<\/p>\n<p>Coupling the increasing difficulty of finding problems against the increase in effectiveness of a software security program, we find a distribution like what we have seen with Flash CVE reporting from 2015 through 2017. Until 2015, attackers exploited relatively easy-to-find cross-site scripting errors, but these largely disappeared after 2014. Suddenly, in 2015, there is a huge jump in the discovery of difficult-to-uncover memory issues and code execution opportunities. The leap in the CVE numbers reflects more technically challenging issues surfacing just as Adobe\u2019s software strategy was making its shift.<\/p>\n<p>The new strategy had not had time to be fully effective by 2015. Plus, Flash, like all complex software, carries a large amount of legacy code. Just when researchers were digging deeper and harder into the code base, Adobe\u2019s software security change required not just chasing vulnerability fixes, but also generating protective code and designs\u2014all of which take time to implement. This typical situation explains the influx of critical new issues in 2015, and their subsequent continuous reductions.<\/p>\n<p>Still, no single or collection of security techniques is perfect. In 2017, Flash marked 70 new issues. So far in 2018, three have been discovered. The most recent, CVE-2018-4878, is technically challenging and appears to be within protections that Adobe has placed within byte arrays to prevent these memory structures from being misused. \u201c[CVE-2018-4878] bypassed the byte array mitigation feature that was introduced to prevent \u2018length corruption\u2019 attacks in Flash,\u201d wrote McAfee\u2019s Hardik Shah in <a href=\"https:\/\/securingtomorrow.mcafee.com\/mcafee-labs\/hackers-bypassed-adobe-flash-protection-mechanism\/\" target=\"_blank\" rel=\"noopener\">\u201cHow Hackers Bypassed an Adobe Flash Protection Mechanism.\u201d <\/a><\/p>\n<p>It is just as possible to unwittingly add an exploitation opportunity when implementing software protections as when writing any other code. Of the 73 vulnerabilities discovered in 2017 and 2018, there is no method, without tracking code changes, to know when each of the flaws was introduced. It is likely that some of them arose in code carried forward from earlier versions, that is, from legacy code. Software implementers have a compelling argument to reuse as much code as possible in each new version. It is cheaper because it saves time.<\/p>\n<p>In a product with a history as long as Flash\u2019s (more than 10 years), some of its code was written for a different threat landscape, not for today\u2019s attackers and their more sophisticated tools and techniques. It is reasonable to suspect that a significant portion of the last two years\u2019 worth of newly discovered issues are in code that has been carried into the latest versions. Those flaws contrast with the most recent vulnerability, CVE-2018-4878, which bypasses and abuses protections that were likely put into place after Adobe\u2019s shift in strategy. The code that CVE-2018-4878 abuses was intended to make exploitation of byte arrays \u201cmore expensive.\u201d<\/p>\n<p>To measure the popularity of Flash, we turned to Q-Success\u2019 W3Techs web survey data. The following table shows the use of four client-side languages, with Flash declining steadily since 2011. JavaScript, on the other hand, today is nearly ubiquitous, at 95%. The two leading languages are graphed in the chart that follows the table.<\/p>\n<h2><strong>Historical Yearly Trends in the Usage of Client-Side Programming Languages for Websites<\/strong><\/h2>\n<p><strong>Usage (in % of sites) of Client-Side Programming Languages for Websites<\/strong><\/p>\n<p>From W3Techs data, we can see that Flash use has declined steadily, to only 5% of surveyed web sites. Doesn\u2019t that suggest that Flash exploitation would also decline or even stop? Unfortunately, it does not.<\/p>\n<p>The following W3Techs chart shows that although the number of sites using Flash is fairly low, enough high-traffic sites employ it to keep Flash popular.<\/p>\n<h2><strong>High-Traffic Sites That Still Use Adobe Flash<\/strong><\/h2>\n<p>If popular websites continue to use Flash, then Flash Player will remain in use on users\u2019 machines for some time. Adobe has <a href=\"https:\/\/theblog.adobe.com\/adobe-flash-update\/\" target=\"_blank\" rel=\"noopener\">promised<\/a> to continue supporting Flash Player until the end of 2020. Unfortunately, this means merely that software updates, features, and patches will no longer be added; it does not effectively change Flash\u2019s overall use. Only the end of websites requiring Flash will remove its vulnerabilities from the security picture.<\/p>\n<p>A highly targeted attack may need to compromise only a single computer to access an organization\u2019s digital infrastructure and gain access to strategic targets. That single computer could be running an unpatched or dated version of Flash.<\/p>\n<p>As the use of Flash has declined, client-side JavaScript has become the de facto browser programming language. Yet JavaScript\u2019s takeover does not fully solve the problem because it can deliver a Flash payload. Although some of the Flash vulnerabilities we have analyzed can be exploited remotely, many cannot. An attacker often requires some interaction by the victim to run a Flash exploit. JavaScript has become an increasingly common delivery mechanism for this purpose.<\/p>\n<h2><strong>DIY: Exploits in a Kit<\/strong><\/h2>\n<p>Perhaps more important to attackers is the easy availability of Flash exploits ready to use in numerous exploit \u201ckits.\u201d Kits package all the necessary code to exercise a set of known vulnerabilities. Access to readily available exploits in a kit means far less attacker effort. Kits also \u201clower the technical bar.\u201d Attackers need not understand how an exploit works; they can simply leverage the packages without knowing the technical details.<\/p>\n<p>Old Flash exploits are still available, along with new ones such as CVE-2018-4878, according to Tim Hux of the McAfee Advanced Threat Research team. \u201cThe Bizarro Sundown (aka GreenFlash) and ThreadKit exploit kits added the exploit to their lists last month,\u201d he said. \u201cThe Rig and Magnitude exploit kits added this flaw to their arsenals this month.\u201d<\/p>\n<p>Adding a new exploit does not mean the old ones are no longer available. Exploit kits are additive. The Rig kit, which appeared in 2014, contains the following Flash exploits:<\/p>\n<p>CVE-2013-0634\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2015-3113<\/p>\n<p>CVE-2014-0497\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2015-5119<\/p>\n<p>CVE-2014-0515\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2015-5122<\/p>\n<p>CVE-2014-0569\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2015-7645<\/p>\n<p>CVE-2015-0311\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2016-1019<\/p>\n<p>CVE-2015-0359\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 CVE-2016-4117<\/p>\n<p>CVE-2015-3090<\/p>\n<p>Old exploits do not die, they just get used less often as software is upgraded to fix earlier versions. If an attacker finds a vulnerable version of Flash in use, kits will have exploits to employ.<\/p>\n<h2><strong>Conclusion<\/strong><\/h2>\n<p>It is difficult, and perhaps impossible, to prove that software is error free. (Alan Turing\u2019s famous proof mathematically shows that automated processes cannot be proved correct through automation.) As famed computer scientist Edsger Dijkstra noted, \u201cTesting shows the presence, not the absence of bugs.\u201d <a href=\"http:\/\/homepages.cs.ncl.ac.uk\/brian.randell\/NATO\/nato1969.PDF\">(\u201cSoftware Engineering Techniques,<\/a>\u201d NATO Science Committee, page 16.) In other words, even software that has passed a battery of security tests before release may still contain exploitable conditions.<\/p>\n<p>From our analysis of the relationship between Flash CVEs and Flash\u2019s ongoing use, especially on high-traffic sites, McAfee\u2019s Advanced Threat Research team believes that Flash vulnerabilities will continue to offer attackers a means toward malicious ends. However, Adobe\u2019s shift in security strategy is an excellent step in reducing the number of newly discovered issues, which should maintain their decline.<\/p>\n<h2><strong>McAfee protections for CVE-2018-4878 <\/strong><\/h2>\n<p>McAfee\u2019s malware engine can parse Flash for malicious content. Customers who have turned on automatic updates or who update regularly have been protected against seven new variants of CVE-2018-4878 since February 6.<\/p>\n<p>McAfee Host Intrusion Prevention signatures 8001, 1149, 6011, and 6010 detect CVE-2018-4878 exploits.<\/p>\n<ul>\n<li>8001 and 1149: On by default, but log only, not block. Customers can select block.\n<ul>\n<li>8001: Suspicious exploit behavior, log only, available in HIPS, not in ENS<\/li>\n<li>1149: CMD tool access by a Windows mail client or Internet Explorer, log only, available in HIPS, not in ENS<\/li>\n<\/ul>\n<\/li>\n<li>6011 and 6010: Off by default. Enabling them may result in an increase of false positives.\n<ul>\n<li>6011: Generic application invocation protection, not present in ENS<\/li>\n<li>6010: Generic application hooking protection, not present in ENS<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><strong>Recent campaigns exploiting Flash Player Issues<\/strong><\/h2>\n<h4>CVE-2018-4878: Currently being exploited in a massive spam mail campaign.<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets\">https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets<\/a><\/li>\n<\/ul>\n<h4>CVE-2017-11292: Black Oasis Advanced Persistent Threat<\/h4>\n<ul>\n<li><a href=\"https:\/\/threatpost.com\/adobe-patches-flash-zero-day-exploited-by-black-oasis-apt\/128467\/\">https:\/\/threatpost.com\/adobe-patches-flash-zero-day-exploited-by-black-oasis-apt\/128467\/<\/a><\/li>\n<\/ul>\n<h4>CVE-2016-4117: Hidden Cobra APT\/CryptXXX Ransomware\/Erebus APT<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler\">https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler<\/a><\/li>\n<li><a href=\"http:\/\/securityaffairs.co\/wordpress\/48415\/cyber-crime\/scarcruft-apt.html\">http:\/\/securityaffairs.co\/wordpress\/48415\/cyber-crime\/scarcruft-apt.html<\/a><\/li>\n<\/ul>\n<h4>CVE-2016-1019: Cerber and Locky ransomware\/Hidden Cobra APT<\/h4>\n<ul>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability\/\">https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability\/<\/a><\/li>\n<li><a href=\"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/killing-zero-day-in-the-egg\">https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/killing-zero-day-in-the-egg<\/a><\/li>\n<\/ul>\n<h4>CVE-2015-3133: CryptoWall Ransomware<\/h4>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2015\/06\/29\/latest-flash-hole-already-exploited-ransomware\/\">https:\/\/nakedsecurity.sophos.com\/2015\/06\/29\/latest-flash-hole-already-exploited-ransomware\/<\/a><\/li>\n<\/ul>\n<h4>CVE-2015-0311: TeslaCrypt and FessLeak\u00a0Ransomware<\/h4>\n<ul>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/analyzing-cve-2015-0311-flash-zero-day-vulnerability\/\">https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/analyzing-cve-2015-0311-flash-zero-day-vulnerability\/<\/a><\/li>\n<li><a href=\"http:\/\/malware.dontneedcoffee.com\/2015\/01\/cve-2015-0311-flash-up-to-1600287.html\">http:\/\/malware.dontneedcoffee.com\/2015\/01\/cve-2015-0311-flash-up-to-1600287.html<\/a><\/li>\n<\/ul>\n<h4>CVE-2014-8439: Cerber Ransomware<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.f-secure.com\/weblog\/archives\/00002768.html\">https:\/\/www.f-secure.com\/weblog\/archives\/00002768.html<\/a><\/li>\n<\/ul>\n<h4>CVE-2015-7645: Cerber and Alpha Crypt Ransomware<\/h4>\n<ul>\n<li><a href=\"http:\/\/malware.dontneedcoffee.com\/2015\/10\/cve-2015-7645.html\">http:\/\/malware.dontneedcoffee.com\/2015\/10\/cve-2015-7645.html<\/a><\/li>\n<\/ul>\n<h6><em>McAfee does not control or audit third-party benchmark data or the websites referenced in this document. You should visit the referenced website and confirm whether referenced data is accurate.<\/em><\/h6>\n<h6><em>McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, LLC or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others. Copyright \u00a9 2018 McAfee, LLC<\/em><\/h6>\n","protected":false},"excerpt":{"rendered":"<p>This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and&#8230;<\/p>\n","protected":false},"author":695,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[5465,5526,5466,4452,4827],"coauthors":[4136],"class_list":["post-88523","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-adobe-flash","tag-advanced-threat-research","tag-cve","tag-cybersecurity","tag-vulnerability"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog<\/title>\n<meta name=\"description\" content=\"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-04-17T13:00:02+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-29T10:28:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-04-16-at-2.02.14-PM.png\" \/>\n<meta name=\"author\" content=\"McAfee Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee_Labs\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"McAfee Labs\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\"},\"author\":{\"name\":\"McAfee Labs\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\"},\"headline\":\"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern\",\"datePublished\":\"2018-04-17T13:00:02+00:00\",\"dateModified\":\"2025-05-29T10:28:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\"},\"wordCount\":2353,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"keywords\":[\"adobe flash\",\"Advanced Threat Research\",\"cve\",\"cybersecurity\",\"vulnerability\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\",\"name\":\"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"datePublished\":\"2018-04-17T13:00:02+00:00\",\"dateModified\":\"2025-05-29T10:28:29+00:00\",\"description\":\"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad\",\"name\":\"McAfee Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg\",\"caption\":\"McAfee Labs\"},\"description\":\"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee_Labs\"],\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog","description":"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog","og_description":"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_author":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2018-04-17T13:00:02+00:00","article_modified_time":"2025-05-29T10:28:29+00:00","og_image":[{"url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2018\/04\/Screen-Shot-2018-04-16-at-2.02.14-PM.png","type":"","width":"","height":""}],"author":"McAfee Labs","twitter_card":"summary_large_image","twitter_creator":"@McAfee_Labs","twitter_site":"@McAfee","twitter_misc":{"Written by":"McAfee Labs","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/"},"author":{"name":"McAfee Labs","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad"},"headline":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern","datePublished":"2018-04-17T13:00:02+00:00","dateModified":"2025-05-29T10:28:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/"},"wordCount":2353,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"keywords":["adobe flash","Advanced Threat Research","cve","cybersecurity","vulnerability"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/","name":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"datePublished":"2018-04-17T13:00:02+00:00","dateModified":"2025-05-29T10:28:29+00:00","description":"This post was researched and written by Brook Schoenfield with the assistance of Tim Hux, Abhishek Karnik, Asheer Malhotra, and Steve Povolny McAfee","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/despite-decline-use-adobe-flash-vulnerabilities-will-continue-cause-concern\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"Despite Decline in Use of Adobe Flash, Vulnerabilities Will Continue to Cause Concern"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/86f325fa6532a017d06d6b49a2f3b1ad","name":"McAfee Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/af947d76ffbef8521094b476cf8050c3","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/Social-Media-PF-Logo-Pic-300x300-2-96x96.jpg","caption":"McAfee Labs"},"description":"McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog posts below for more information.","sameAs":["https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee_Labs"],"url":"https:\/\/www.mcafee.com\/blogs\/author\/mcafee-labs\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/88523","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/695"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=88523"}],"version-history":[{"count":5,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/88523\/revisions"}],"predecessor-version":[{"id":214713,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/88523\/revisions\/214713"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=88523"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=88523"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=88523"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=88523"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}