By design, Adobe Flash was insecure and allowed code to either pretend to be something on your system or actually hook operating functions that should be reserved for local administrators.

The problem however was not with Flash itself, but with the browser plugin that co-opted your web browser to run Flash programs. It combined the insecurities of Flash with the insecurities of the browser plugin architecture making it almost impossible to properly secure the browser when the plugin was enabled.

As a response, HTML5 was created that allowed the same functionality as Flash Plugin, but built on top of an architecture that built security into the basic design. Apple famously adopted this for Mobile Safari and refused to support browser plugins at all.

Years later in 2017, after Adobe had already switched all its products to producing HTML5 instead of Flash, they decided it was time to stop pouring money into monthly security patches for Flash Plugin, and announced an end of life date (last December). When December rolled around, they published one final update: an update that disabled Flash permanently and informed the user they should switch to HTML5.

To more directly answer your question: malware authors were constantly finding and abusing exploits within Flash they used to install malware on victims’ computers — bitcoin miners, ransomware, botnets, credit card and account scrapers, etc. Every time Adobe fixed something, two more vulnerabilities would be abused to attack real people.

You already have the answer to your question.

A rough analogy, if you owned a store, would you continue selling a food product from a third party that had low quality and regularly made some customers sick? It would lower the reputation of your store and also increase your liability.

The companies that make browsers are like a store owner. Why would they allow a product that has major security holes into their product offering? Especially since even the maker of said product says “we’re not going to support and improve it anymore”.

The thing about Flash has two pieces to it.

1) **Adobe stopped developing it.** Technologies like HTML5 do most of what Flash was capable of, so Flash was rendered obsolete in most ways. Why would Adobe keep supporting a clunky, old thing that was riddled with security issues and has a replacement that’s better in almost every way?

2) **Browsers stopped supporting Flash.** Even if Adobe stopped *patching* Flash, you could still *run* existing versions. And that’s still true, you can find programs that run Flash. But web browsers aren’t it. They completely dropped it. Why? Well, why would you want to support running an old, derilect technology riddled with security issues that will never be patched ever again? That’s just asking for your users to be abused as new exploits are discovered and there’s nothing they can do about it. Best to just drop it to protect their users.

It had many many security flaws and was just outdated. Many websites switched to something else and it wasn’t in high demand. Plus it was cheaper for adobe.
Edit: spelling

Rule 2.

Better to check r/outoftheloop.