For the time being, it appears other browsers will continue to run non-essential Flash content -- and ads -- normally, which leaves plenty of users still at risk.
"Flash today, PDF tomorrow, Java anytime," said Patrick Belcher, director of security analytics at Invincea.
Researchers don't have exact figures for the number of people affected in the last round of malvertising attacks, but Malwarebytes noted that Yahoo and its sub-sites have just under 7 billion visits per month and MSN has 120 million visits per month. Not everyone saw malicious ads, and even then, only users with vulnerable software were impacted.
It's encouraging to see some progress on how online advertisements are displayed, even if they are isolated moves. Amazon also announced it would no longer display Flash ads on its sites starting Sept. 1, for example.
Google has a significant slice of the display ads market, but there are many other ad networks. The industry still needs to come to consensus on ensuring that cyber criminal advertisers don't infiltrate networks with bad advertisements.
Sign up for CIO Asia eNewsletters.