
How to keep Enterprise Flash Applications accessible in 2021

Introduction

As Adobe announced, Flash Player support will be discontinued at the end of 2020/beginning of 2021.

If enterprises are running applications based on Adobe Flash, it is strongly recommended to migrate them and disable Adobe Flash Player on all clients, because security fixes will be discontinued as well.

In some cases, though, there might be no migration option for various reasons, and in order to continue operations it will then be necessary to keep Flash Player active on a number of clients.

This blog post gives an overview of findings and of the impact of the Flash Player end of life, in case you need to continue running Flash-based applications in 2021.

SAP has published official information on this topic, e.g. in Note 2993618.

The company HARMAN is taking over the official role of distributor for enterprise customers and will deliver maintenance for Adobe Flash.

If you are unsure, you should rather get in contact with HARMAN.

If you try to keep Flash running on your own, always keep in mind the security risk of running outdated or unpatched software – and secure it in other ways.

Announced facts about the end of Flash support

  • Adobe will stop supporting Flash after December 31st, 2020
  • Browser vendors have announced that they will remove support for Flash plugins and APIs starting early 2021.
  • Adobe Flash installations have a system-time-controlled “kill switch” that stops them from functioning as of January 12th, 2021
    • This can already be observed by setting a client’s time ahead to a later date
  • Adobe announced that it will shut down distribution sources at the beginning of 2021, which might stop online installers and package distributions that reference them (e.g. on Linux) from working

 

Possible Mitigations

  • Install Flash on your machines during 2020
    • In case you have problems installing Flash on your machine, you can acquire full installers for your machine from the help page, section “Still having problems”, at least until the end of 2020.
  • Apply an mms.cfg to disable the “kill switch” in client Flash installations, according to the Adobe Flash Admin Guide
    • You can also use the configuration to restrict Flash usage to whitelisted systems only, which helps you reduce the security risks of using Flash
  • A Microsoft blog previews that a cumulative update or monthly rollup will remove policies regarding Flash Player as of summer 2021 for Internet Explorer and Microsoft Edge
    • By blocking or not installing the optional KB for removal, it might be possible to continue running Flash in Internet Explorer or Edge legacy mode until summer, and even longer by also blocking the announced cumulative update/rollup
  • Install a browser version that still supports Flash and disable automatic browser updates
  • The open source community has considerably increased its activity on Flash support, e.g. in Lightspark or Ruffle, which might be a solution for a rising number of use cases, although coverage is not yet 100%

 

A working mms.cfg file can, for example, contain the following (replace the value of the AllowListUrlPattern parameter with the host and port that match your scenario):

EOLUninstallDisable=1
SilentAutoUpdateEnable=0
EnableAllowList=1
AutoUpdateDisable=1
ErrorReportingEnable=1
AllowListUrlPattern=https://my-flash-host:8443

The location of the file is given in the Adobe Flash Admin Guide. Examples:

  • MacOS: /Library/Application Support/Macromedia
  • Windows x86: C:\Windows\System32\Macromed\Flash
  • Windows x64: C:\Windows\SysWow64\Macromed\Flash

I personally tested MacOS and Windows Server 2016 on my machines using the config above with Firefox ESR (version 78.5.0esr) – I cannot guarantee it working in your environment, but I will keep testing and add further information to this blog post.
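The allow-list restriction described above only reduces risk if every client's mms.cfg actually enables it and lists specific hosts. The following check is an added example, not part of the original post or of Adobe's tooling: it parses an mms.cfg and reports entries that weaken the allow list. The policy it applies (every EnableAllowList entry must be 1, patterns must be HTTPS and free of wildcards), the "#" comment handling and the extra host names in the sample are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed sample: the post's settings plus two risky patterns added
# here to show what the audit reports. Host names are placeholders.
SAMPLE_CFG = """\
EOLUninstallDisable=1
SilentAutoUpdateEnable=0
EnableAllowList=1
AutoUpdateDisable=1
ErrorReportingEnable=1
AllowListUrlPattern=https://my-flash-host:8443
AllowListUrlPattern=http://legacy-host/
AllowListUrlPattern=*://*.example.com/
"""

def parse_mms_cfg(text):
    """Return {key: [values]}; a key such as AllowListUrlPattern may repeat."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, "#" comments (assumed syntax) and non key=value text.
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def audit(text):
    """List findings; an empty list means the allow list passes this policy."""
    cfg = parse_mms_cfg(text)
    findings = []
    # Every occurrence must be 1, so the result does not depend on which wins.
    if set(cfg.get("EnableAllowList", [])) != {"1"}:
        findings.append("EnableAllowList is not set to 1")
    patterns = cfg.get("AllowListUrlPattern", [])
    if not patterns:
        findings.append("no AllowListUrlPattern entries")
    for pattern in patterns:
        if "*" in pattern:
            findings.append(f"wildcard pattern: {pattern}")
            continue
        parts = urlsplit(pattern)
        if parts.scheme != "https":
            findings.append(f"non-HTTPS pattern: {pattern}")
        if not parts.hostname:
            findings.append(f"pattern without host: {pattern}")
    return findings
```

Run `audit()` on the text of each client's mms.cfg; the configuration shown in this post yields no findings, while the two patterns added to the sample are reported.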

 

Summary

If you need to continue using browser-based Flash applications in 2021, you have a few options to do so.

According to the announced information, working environments should not be affected before January 12th.

  1. HARMAN can help you with a supported enterprise distribution of Flash Player as a “Packaged Browser” solution
  2. If you already have Flash installed on your machines, it might be sufficient to block updates for one specific browser such as Chrome, a Chromium-based browser (e.g. the new Microsoft Edge) or Firefox (ESR) and apply an mms.cfg as in the example above
  3. If you are using Microsoft Internet Explorer or Edge Legacy mode, make sure not to install (or to block) the Windows updates that remove Flash and the Flash integration components on the clients where you need to continue running Flash. You might also need to add the mms.cfg as above

If you have a working environment, it might be beneficial to save a backup/snapshot of it, in case you need to restore it after a failure or after an update that removes functionality was installed by mistake.

Neither SAP nor I can give any warranty or official support for Adobe Flash, and if you repeat any steps described here, it is at your own risk.

I will update this blog post with findings that arise in the future, as the current situation is only a preview on the options available.
