Adobe, please give us a solution, we need our application today or our business cannot continue.
We know about the danger of using Flashplayer but it's our own application, we use separate computers just for this.
At least give us an old version that doesn't block our own content.
If you're on Linux and have a system version of Flash Player installed, there are some simple hacks you can do to get it running in a browser by circumventing the timebomb. This is obviously massively insecure, so I wouldn't use this trick for random Flash executables, only with your own software you created and only as a stop-gap as you work to rewrite it.
There's a package called faketime (https://packages.ubuntu.com/xenial/utils/faketime) which will let you pass whatever time you want to a process you start with it; install with sudo apt install faketime. Then you can download a separate browser to use just with your Flash apps; Pale Moon version 28.16.0 works for sure (https://linux.palemoon.org/) and can be run from a folder without an install. Then simply start the browser using faketime: faketime '2020-12-03 08:15:42' ~/Desktop/palemoon/palemoon
And from there make sure you deny any updates to Flash or the browser you're using, just to make sure it will keep going. Again all this is massively insecure so you should only be using the browser to access apps you wrote yourself as you work to migrate off Flash.
If you can use mms.cfg with Enteprise Enablement, that's way better.
The worry that we're really trying to address is the scenario when (because it's when, not if) the malware/ransomware guys find an 0-day in Flash a year or two down the road, and they start pumping out malicious banner ads to cause widespread damage on users that never update.
By limiting that unmaintained Flash Player to loading just stuff that you trust, you're making it much harder for an attacker to deploy malicious content that would actually run. By defeating the time-bomb, you're setting the player to load everything from the open web. An unmaintained Flash Player is not suitable for browsing the open web. That's just misery waiting to happen.
Given that I don't have a better solution in-hand, I don't hate this recommendation (the latest Firefox ESR still supports Flash and is probably a better choice from a browser-security perspective), but please be smart and mitigate your risk. If your configuration doesn't need to browse the web, take measures to ensure that it can't (force Firefox through a local proxy that limits access to your network, use clever routing rules, etc.).
Writing the "sorry you got hacked, nuke your computer, change all your passwords and lock down your credit file" posts are always depressing, especially when it's avoidable.
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
AdChoices