Paul Ducklin piece on the latest Adobe Flash 0-day vulnerability, Adobe ships 0-day patch for Flash – get it while it’s hot!, prompts me to ask:
Has Adobe Flash Ever Been Secure?
As of today, the National Vulnerability Database, searching on Adobe Flash produces 797 “hits.”
CVE, using Adobe Flash as the search string, produces 799 “hits.”
Finding the periods, if any, where Flash has been secure, would be a much shorter listing.
In lieu of such a list, however, I have to also ask:
Why are you using Flash to deliver or consume content?
Adobe Flash is a major security problem.
Patching Flash isn’t the solution.
Deleting Flash is.
There is an unfortunate amount of content delivered using Flash.
My solution? No content is worth Adobe Flash vulnerabilities. Ask the content provider to supply content in another format.