The Adobe Flash Player just closed out the year with another clump of bug fixes; nineteen were released today. The requisite articles have started to appear, but none will be like this one. Taking a step back, I'm offering some perspective.
For the year, Flash averaged 6.1 bug fixes per week. Think of it as a bug fix every day, but taking Sundays off to rest.
There was a flood of fixes at the end of the year. From mid-October on, Adobe fixed 113 bugs, roughly 1.5 per day.
The final tally for 2015 is 316 Flash Player bugs. This, for software that is over 18 years old.
Back in May, I also blogged about the torrent of Flash bugs. At the time, I calculated that from May 2014 to May 2015 there were 143 bugs or roughly 12/month. In 2015, Flash averaged just over 26 bugs/month. Things are getting worse.
Based on these numbers, you can rest assured that when you wake up on New Years Day, Flash will be vulnerable to three new flaws.
Personally, as a Windows user, I limit Flash to the Chrome Browser and prevent it from running by default. This is often called "click to play" but its currently enabled by clicking the "Let me chose when to run plugin content" radio button (Settings -> Show advanced settings link -> Content settings button -> Plugins section). Thankfully, in my preferred edition of Windows, version 7, both Firefox and Internet Explorer ship without Flash.
A heads up though to my fellow Chrome browser users - you can't trust Chrome when it says it is up to date.
Many times, including once today, I have seen it report that everything is up to date in Kansas City when, in fact, Flash was not at the latest version. So instead, check here to insure that Flash is really up to date.
Spy agencies and criminal gangs are probably thanking Adobe this holiday season. I wonder if any sent a gift.