A study from GeoEdge, an ad scanning vendor, reveals that Flash has been wrongly accused as the root cause of today's malvertising campaigns, but in reality, switching to HTML5 ads won't safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves.
The evidence exists to proclaim Flash as one of today's most vulnerable and insecure software applications. Targeted in cyber-espionage and malvertising campaigns, Flash has gotten a bad reputation, and for a good reason.
Security researchers have discovered vulnerabilities in Flash almost every month, and for many years, Adobe has been slow to patch them. Things changed recently after browser vendors threatened to have the plugin disabled for most of their users.
But Adobe's new approach to Flash security issues came a little too late, as the community had already worked for years at adding the appropriate features to HTML5 and other standards in order to replace Adobe's piece of junk.
HTML5 was officially released in October 2014, and slowly but surely, started to replace Flash in the advertising market, where many ad networks such as Google and Amazon have announced they'll stop taking static Flash ads, even if still allowing Flash for video ads.