Flash must be close to the top in insecurity. It seems like barely a month goes by without another vulnerability being found. Wordpress is close by, and php pretty bad.
I can live without Wordpress (this blog doesn't use it) and php (I use perl). But so much of what I need to do, requires Flash. Even a security site that I used to use for checking my compliance with PCI DSS (the Payment Card Industry's Data Security Standard) uses Flash. I'm glad to say, I don't use that site any more. My main use of Flash is youtube - yes, I'm a youtube addict. I use it like Radio 4, playing in the background. I watched The Knowledge recently. I watch Colin Furze's latest lunacies. I worked my way through all the Jeeves and Wooster (Fry and Laurie) series. So I need to keep my Flash updated, to avoid the constant series of vulnerabilities.
I was on version 22.214.171.1241, and I need to update to 126.96.36.1990 (and so do you). It's always a hassle.
In addition, I don't let Flash play automatically. Because if I did, and I accessed something that exploited the latest vulnerability, then I'm in trouble. Instead, I make it ask me each and every time it wants to play, which is a minor nuisance, but I think worth while.
The price of security is eternal vigilance.