Flash – ah-ah – Being Taken From the Universe!

adobe flash player legacy solution
By: Martin Sweeney
24/09/2020

How to securely use Flash after it has been deprecated in December 2020

 

Once the “saviour of the universe” for front-end developers, Adobe Flash has more recently been described as “the internet's screen door”, presenting an open invitation to cyber-criminals. And for the many companies still using it, time is rapidly running out.

Flash was once championed by every major web browser, delivering an interactive user experience that was second to none, bringing sound, animation, interactive applications and video to the web at a time when most websites were lifeless and silent.

But as recently as this year, Flash was cited by the US Cybersecurity and Infrastructure Security Agency (CISA) as one of the 10 most routinely exploited vulnerabilities.

Adobe Flash Player - 'the internet's screen door'

As of the 31st December 2020, Adobe will be stopping product and security updates and distribution for Flash Player.  In line with this, Microsoft will no longer support Flash Player on any Microsoft browser - Edge, Edge Legacy or IE11.

The use of Flash Player on public websites has been declining ever since the retirement announcement from Adobe back in July 2017; however, it has not fully disappeared from the web.

Some enterprises still have Adobe Flash based line of business applications; generally, these are business-critical solutions designed to solve a particular business function.  Many enterprises have migrated away from Flash to open standards such as HTML5, WebGL and WebAssembly. But some are either technically “stuck” or have run out of migration time for production environments. So, what are the options available to enterprises that have not been able to replace their intranet Flash based products in time for the end of support this year?

Unsupported Usage

Enterprises may be willing to continue using Flash Player in an unsupported manner (no support or security updates by either Adobe or Microsoft). However, there will be ongoing moves to remove Flash that will need close OS and browser management.  Microsoft has released a Flash removal tool via Update Catalog, Windows Update and WSUS that will permanently remove Flash Player as a component of Windows OS.  This update will start as optional and become recommended early in 2021. Once the update is installed it is permanent and cannot be uninstalled. Later in 2021 all APIs, group policies and user interfaces that govern Flash Player on Windows will be removed from Edge and IE11.

Paid-for Support

For those enterprises wanting to continue supported usage of Flash Player then commercial support and licensing is available via Adobe distribution licensing partners, but not Adobe itself. An Adobe licensing partner will look to assist with transition to alternative technologies, create custom applications to load flash content, or provide updated installers that will allow Flash to run with certain bespoke browsers in an internal environment.

Legacy Provisioning

There are low cost of entry options available to plug the gaps for enterprises. They range from browser-based URL management and Flash isolation, which virtualises and injects Flash on demand while keeping it off the file system, to full containerisation options (thick client or hybrid). Either option brings enhanced security and locks down Flash Player, allowing you to use Flash securely after it has been deprecated.

Which is the ideal solution for your Flash Player challenge really depends on what you need to achieve. Goals could be to extend Flash Player availability for a short period while an alternative solution is being developed or procured, or you may want to set-and-forget a solution that will allow continued access to a Flash Player-based system for perpetuity, for instance for financial record regulations.

Summary

Enterprises that have an ongoing requirement for internal Flash Player applications post December 2020 have three options: complex ongoing administration to allow an unsupported player to operate, paid for third-party support, or legacy provisioning.

To discuss your challenge, and to quick assess the Legacy Provisioning options available, please give APPtechnology a call.  As the deadline looms and speed is of the essence, we can generally demonstrate a working solution within 72 hours, and provide pilot engagements so you can see and test the recommended solution in a Model Office or Pre-Production scenario. 

References:

Windows Statement
Adobe Statement

X