Criminals often exploit vulnerabilities in Adobe Flash to deliver malware to computers. Adobe updates Flash regularly to plug newly discovered security holes, but it can be difficult for end users to keep up with them all. Recently, for example, Adobe released an emergency patch to fix a security hole that enabled criminals to deliver ransomware, even though Flash had just been updated the previous week.
A great way for users to protect themselves is to enable click-to-play in their web browsers. When click-to-play is enabled, Flash content doesn’t play automatically; it only plays when the user gives it permission to run. In this article, the always excellent Graham Cluley (@gcluley) explains how to enable click-to-play in Chrome, Firefox, Internet Explorer, Opera, and Safari.
If you can live without Flash, I recommend uninstalling it altogether. If you need Flash, make sure that you keep it up to date and that click-to-play is enabled. Enabling click-to-play is not a substitute for keeping Flash updated, but it does give the user an extra layer of protection.