United States Senator, Ron Wyden, sent a letter to national agencies on Wednesday demanding cooperation to end government use of Adobe Flash.
Scheduled to stop receiving updates and therefore disappear starting 2020, Adobe Flash Player is continuously plagued by critical vulnerabilities. 'Zero-day' flaws in the software were patched just this year, but only after threat actors exploited them in targeted attacks.
Immediately after Adobe announced plans to retire the plugin a year ago, Apple, Facebook, Google, Microsoft and Mozilla decided on a strategy to completely remove Flash support from their products.
Enviado al Director del Instituto Nacional de Estándares y Tecnología (NIST) Walter G. Copán, el Director General de la Agencia Nacional de Seguridad Paul M. Nakasone y el Secretario del Departamento de Seguridad Nacional Kirstjen Nielsen, la carta del Senador Wyden (PDF) solicita el final del uso gubernamental de Flash en agosto de 2019.
El Senador Wyden no solo menciona el inminente final del soporte técnico para Flash, sino también las vulnerabilidades de seguridad heredadas en el complemento como la razón principal para deshacerse de él.
“Expertos técnicos reconocen ampliamente que Flash está plagado de serios problemas de seguridad cibernética que podrían permitir a los atacantes tomar el control completo de la computadora de un visitante, deeply penetrating their digital life”, says the letter.
The United States Computer Emergency Readiness Team (US-CERT) warned about the risks of using Flash nearly a decade ago, according to the letter.
“The U.S. government. UU. must begin moving away from Flash immediately, before it is discontinued in 2020”, says Senator Wyden. It also noted that the federal government has not transitioned from closed software, as was the case with Windows XP, which cost millions for premium support after its end of life 2014.
The three agencies, it says, provide most of the cybersecurity guidance to government agencies, therefore they must ensure that federal workers are protected against the cyber threat.
“To date, their agencies still need to issue public guidance for the inevitable transition from Flash. a critical deadline is approaching: the government must act to prevent the security risk posed by Flash from reaching catastrophic levels “, the letter reads.
The Senator asks NIST, NSA, and DHS to require that no new Flash-based content be implemented on federal websites within the 60 days and that all Flash-based content be removed from federal websites before 1 August 2019.
Flash should also be removed from agency employees' computers by that date, Wyden said.