macOS - Software - Uninstall Adobe Flash Player

What the Adobe Flash Player removal Worklet does

This Automox Worklet™ detects Adobe Flash Player on macOS endpoints and removes it using Adobe's official uninstaller. The evaluation phase looks for the legacy preference pane at /Library/PreferencePanes/Flash Player.prefPane and the browser plug-in at /Library/Internet Plug-Ins/Flash Player.plugin. Either artifact is enough to mark the endpoint non-compliant and schedule remediation.

The remediation phase fetches the signed uninstall_flash_player_osx.dmg from Adobe's distribution servers, mounts the disk image, and runs the Adobe Flash Player Install Manager binary inside with the silent uninstall flag. The script picks the correct uninstaller build based on the macOS version returned by sw_vers, unmounts the DMG, and re-runs the evaluation check to confirm the preference pane and plug-in are gone before exiting.

Because the evaluation is idempotent, the policy is safe to schedule on a recurring cadence. Endpoints that have already had Flash removed report compliant on the first pass and skip the download entirely. Only endpoints still carrying the prefPane or plug-in trigger remediation, which keeps network traffic and uninstaller runs proportional to the size of the remaining footprint.

Why retire end-of-life Adobe Flash Player from the fleet

Adobe Flash Player reached end of life on December 31, 2020. Adobe stopped issuing security patches on that date and added a runtime kill-switch that blocked all Flash content beginning January 12, 2021. Safari, Chrome, Firefox, and Edge each removed their Flash integration in the same window. The plug-in still installed on a Mac today executes no useful content. It remains on disk as an unpatched local code path with a long history of remote-code-execution CVEs, including CVE-2020-9633 and the broader Flash advisory backlog, that will never receive a fix.

The technical fix for an end-of-life Flash install is straightforward: run Adobe's signed uninstaller and confirm the prefPane and plug-in paths are gone. The operational problem is the long tail of Macs the fix has not reached yet, including marketing iMacs that have not been reimaged in three years, contractor laptops returned with the runtime still installed, and inherited fleets brought in through an acquisition. Carrying Flash on any of those endpoints also creates audit findings under the CIS macOS Benchmark third-party software hygiene controls in section 2.2, and against NIST 800-53 SI-2 (Flaw Remediation), which expects unsupported software to be removed rather than tolerated.

How Adobe Flash Player removal works

1. Evaluation phase: The script checks for /Library/PreferencePanes/Flash Player.prefPane and /Library/Internet Plug-Ins/Flash Player.plugin on the endpoint. If either path exists, the Worklet exits non-zero and the endpoint is flagged non-compliant. If neither path is present, the Worklet exits 0 and no remediation runs.

2. Remediation phase: The script reads the macOS version with sw_vers -productVersion, picks the matching Adobe uninstaller URL, downloads uninstall_flash_player_osx.dmg into /tmp with curl, and mounts it with hdiutil attach. It then invokes the Adobe Flash Player Install Manager inside the mounted volume with the -uninstall flag and waits for the uninstaller to complete. The script detaches the DMG with hdiutil detach and removes the downloaded image from /tmp. A second evaluation pass confirms the prefPane and plug-in paths are gone before the script exits 0.

Adobe Flash Player removal requirements

• macOS 10.6 or later (the Worklet selects the legacy uninstaller for earlier releases automatically)

• Outbound HTTPS from the endpoint to Adobe's distribution host so curl can pull uninstall_flash_player_osx.dmg

• Root privileges for the Automox agent (the default agent context already meets this requirement)

• Standard macOS tooling on PATH: hdiutil for mounting the DMG, curl for the download, sw_vers for the version check

• FixNow compatible (RunNow feature) so the policy can be triggered on demand against a single endpoint or a target group

Expected state after Adobe Flash Player removal

After a successful remediation, /Library/PreferencePanes/Flash Player.prefPane and /Library/Internet Plug-Ins/Flash Player.plugin no longer exist on the endpoint, and the Adobe Flash Player Install Manager application is removed from /Applications/Utilities/. The downloaded uninstaller DMG is unmounted from /Volumes and the /tmp copy is deleted, so the remediation leaves no working files behind.

Validate by running ls /Library/Internet\ Plug-Ins/ on the endpoint and confirming Flash Player.plugin is absent. Then open System Settings (or System Preferences on older macOS) and confirm the Flash Player pane is gone from the third-party preferences row. For audit evidence, the Automox activity log shows exit code 0 from remediation along with the version of the uninstaller that ran. Subsequent policy evaluations report the endpoint compliant on the first pass and skip the download, so the fleet-wide cost of holding the baseline drops to a single existence check per endpoint per run.