How to make sure Adobe Flash is up-to-date and enabling it on-demand

Since vulnerabilities in Flash are increasingly being targeted by exploit kits in order to distribute malware on vulnerable computers, it is important to use an up-to-date version. Here is a step-by-step procedure to check your current version and, if necessary, update Adobe Flash.

Is my Flash plugin up-to-date?

Adobe provides a page that will tell you which version is currently loaded in your browser by clicking on the “Check Now” button.


In the event that your Flash is out of date the page will show a warning like the one below. In this case follow the instructions on the page to download and install the latest version.



For Google Chrome, the browser comes with its own version of Flash and is updated automatically. Just make sure you have the latest version of Chrome.

flash 3

Enabling automatic updates of Flash

Flash can be configured to download and install updates automatically. On Windows, open the Control Panel and then the Flash Player menu item.

flash 4

Then click on the Advanced tab. On recent Windows systems the update options probably be grayed out, click the Change Update Settings button. Finally select either to automatically install updates or to notify when updates are available.

flash 5

Enabling Flash on-demand

It is possible to configure browsers to ask before loading Flash objects which is an extra step you can take to limits risks of infection.


In Firefox, this can be done by going in the Add-ons menu, clicking the Plugins pane and selecting “Ask to Activate” for the Shockwave Flash plugin.

flash 6

flash 7

The next time a Flash object is loaded on a webpage Firefox will display a grey box, click on it to activate it. You can select to automatically load Flash on domains you trust.

flash 8

flash 9

Google Chrome

In Google Chrome, go to the Settings menu.

flash 10

Then in the search box type ‘click to play’. Google Chrome will highlight the Content settings button. Click on it to open the menu.

flash 11

Scroll down until the click to play item appears and select it. You can add domains on which to automatically activate plugin by clicking the Manage Exceptions button. Finally click the Done button at the bottom of the dialog to save the settings.

flash 12

The next time a Flash object is loaded on a webpage Google Chrome will display a grey box, click on it to activate it.

flash 13

Internet Explorer

Internet Explorer does not offer a way to activate Flash on demand. However it is possible to configure it to allow Flash only on specific domains. To do that first open the Manage add-ons menu.

flash 14

Then under the Toolbars and Extensions pane, right-click on the “Shockwave Flash Object” plugin and click on the More information menu item.

flash 15

Then on the next dialog click on the Remove all sites button and close the window.

flash 16

The next time a Flash object is loaded on a website Internet Explorer will display a dialog at the bottom of the window, click the Allow button to enable Flash on that website.

flash 17

360b /

Author Sébastien Duquette, ESET

  • tufsoft

    I’ve just disabled it, it mostly only plays ads anyway

  • balance

    Flash should be OUTLAWED period. Not only is it a security flaw in itself, this so called player is a major resource hog causing unnecessary bandwidth use. On top of that it can and does cause website slow downs as the dumb thing has to be loaded up into active memory.

  • rugk

    This add-on for Firefox is very useful too:

    Especially because Adobe Flash has a quite bad update routine. The updates aren’t downloaded automatically, you only get a notification and have to visit the website were you get a installer that contains PUA.
    Only in some cases or after a quite long delay it updates really automatically when set the setting to do so, but this is are exceptions.

  • Sammy J

    Other than malware designers and advertising agencies, is there anyone who actually likes Flash? *chirp chirp chirp*

  • mechBgon

    For IE, I recommend enabling ActiveX Filtering (gear icon > Safety). This switches all ActiveX add-ons to a deny-by-default setting. For sites where it’s needed, click the blue slashy-circle icon in the address bar to enable it as desired.

Follow us

Copyright © 2017 ESET, All Rights Reserved.