Highlighted

Shockwave Flash has crashed - 27.0.0.170 - VMWare

Community Beginner ,
Oct 16, 2017

Copy link to clipboard

Copied

I have a customer base that connected to vCloud Director.  Since the release of 27.0.0.170 we are receiving the Shockwave Flash has crashed.

All browser / All Windows OS (7 & 10)

Reverting to version 27.0.0.159 fixes the issue.

[moderator: Added 'VMWare' to title to aid other users who are having the same issue in finding this topic]

Thanks, and sorry for the inconvenience.  We're aware of the issue and are investigating to see if we can provide some relief.

For background, to address the security issue discovered in the wild that prompted this release [1], we more tightly enforce rules in the initial validation of the SWF bytecode.  For some reason, the SWF that VMWare uses is failing those validation checks.

This has always been the case, but weren't treating the validation failure as fatal, and would apply some more nuanced heuristics.  We're now aborting immediately at the validation failure to ensure that we're addressing the entire set of possible related issues.

It's not immediately clear why it happens to be this particular SWF, but it's old, and there's the possibility that a compiler bug or third-party toolchain created some invalid bytecode that wouldn't normally exist in an equivalent SWF compiled from a newer toolchain.

We're now looking to see if we can be a little more surgical and allow this content to run normally again, now that we've made it through the immediate priority of addressing the vulnerability being abused in the wild.  We'll be happy to update the thread as we have new information about the availability of a fix, etc.  In the meantime, we'd strongly recommend using Flash Player 27.0.0.170 for general browsing, and keeping a dedicated VM or browser with Flash Player 27.0.0.156 for the specific task of accessing this content.

[1] Adobe Security Bulletin APSB17-32 - https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Views

44.0K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Shockwave Flash has crashed - 27.0.0.170 - VMWare

Community Beginner ,
Oct 16, 2017

Copy link to clipboard

Copied

I have a customer base that connected to vCloud Director.  Since the release of 27.0.0.170 we are receiving the Shockwave Flash has crashed.

All browser / All Windows OS (7 & 10)

Reverting to version 27.0.0.159 fixes the issue.

[moderator: Added 'VMWare' to title to aid other users who are having the same issue in finding this topic]

Thanks, and sorry for the inconvenience.  We're aware of the issue and are investigating to see if we can provide some relief.

For background, to address the security issue discovered in the wild that prompted this release [1], we more tightly enforce rules in the initial validation of the SWF bytecode.  For some reason, the SWF that VMWare uses is failing those validation checks.

This has always been the case, but weren't treating the validation failure as fatal, and would apply some more nuanced heuristics.  We're now aborting immediately at the validation failure to ensure that we're addressing the entire set of possible related issues.

It's not immediately clear why it happens to be this particular SWF, but it's old, and there's the possibility that a compiler bug or third-party toolchain created some invalid bytecode that wouldn't normally exist in an equivalent SWF compiled from a newer toolchain.

We're now looking to see if we can be a little more surgical and allow this content to run normally again, now that we've made it through the immediate priority of addressing the vulnerability being abused in the wild.  We'll be happy to update the thread as we have new information about the availability of a fix, etc.  In the meantime, we'd strongly recommend using Flash Player 27.0.0.170 for general browsing, and keeping a dedicated VM or browser with Flash Player 27.0.0.156 for the specific task of accessing this content.

[1] Adobe Security Bulletin APSB17-32 - https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Views

44.0K

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Oct 16, 2017 0
Adobe Employee ,
Oct 16, 2017

Copy link to clipboard

Copied

Thanks, and sorry for the inconvenience.  We're aware of the issue and are investigating to see if we can provide some relief.

For background, to address the security issue discovered in the wild that prompted this release [1], we more tightly enforce rules in the initial validation of the SWF bytecode.  For some reason, the SWF that VMWare uses is failing those validation checks.

This has always been the case, but weren't treating the validation failure as fatal, and would apply some more nuanced heuristics.  We're now aborting immediately at the validation failure to ensure that we're addressing the entire set of possible related issues.

It's not immediately clear why it happens to be this particular SWF, but it's old, and there's the possibility that a compiler bug or third-party toolchain created some invalid bytecode that wouldn't normally exist in an equivalent SWF compiled from a newer toolchain.

We're now looking to see if we can be a little more surgical and allow this content to run normally again, now that we've made it through the immediate priority of addressing the vulnerability being abused in the wild.  We'll be happy to update the thread as we have new information about the availability of a fix, etc.  In the meantime, we'd strongly recommend using Flash Player 27.0.0.170 for general browsing, and keeping a dedicated VM or browser with Flash Player 27.0.0.156 for the specific task of accessing this content.

[1] Adobe Security Bulletin APSB17-32 - https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 16, 2017 4
Community Beginner ,
Oct 16, 2017

Copy link to clipboard

Copied

Thank you very much.  Is there a timeline for an updated release that handles the validation for VMWare?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 16, 2017 0
Adobe Employee ,
Oct 16, 2017

Copy link to clipboard

Copied

Without a fix committed and tested, any guess I gave you about when the patch would land wouldn't be very meaningful.  The target would be to drop something as soon as possible in a beta as pain relief and shoot for November's patch Tuesday as the mainstream release vehicle, but the most important thing is that we maintain the integrity of the mitigation we've deployed for the security issue.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 16, 2017 0
New Here ,
Oct 17, 2017

Copy link to clipboard

Copied

I am one of the UI managers at VMware. How can we help you with this? Can we instrument our code or do anything else to help isolate the issue?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 17, 2017 0
Adobe Employee ,
Oct 17, 2017

Copy link to clipboard

Copied

Thanks for reaching out!  I think we're actually okay at this point.

We checked in a candidate fix late yesterday.  The builds ran overnight, so we'll start evaluating them today.  Assuming that both the functional fix and original security mitigation pass muster (I'm fairly confident they will), it should land in a beta early next week.  We have some external operational constraints that preclude doing a drop sooner.

In terms of what happened, there's a java-style idiom that you use (presumably for library versioning) that uses undefined functions (i.e. functions with blank bodies) that are called repeatedly.  When compiled, this resulted in bytecode that was getting flagged.  We've been able to safely make affordances for it.  This approach seems to be pretty rare (the number of distinct SWFs impacted appears to be very small at this point), but whenever we ding a relatively obscure edge case like this, it's invariably an important enterprise application that breaks.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 17, 2017 2
New Here ,
Oct 17, 2017

Copy link to clipboard

Copied

Hi,

How do you revert to version 27.0.0.159 when I don't have it. I uninstalled and reinstalled flash but doesn't help.

Also looking at this workaround Shockwave Flash crashes with vSphere Web Client 6.x (2151945) | VMware KB didn't help, same issue.

I can't wait until November to have see if something works.

Thank you

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 17, 2017 0
Community Beginner ,
Oct 17, 2017

Copy link to clipboard

Copied

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 17, 2017 2
New Here ,
Oct 17, 2017

Copy link to clipboard

Copied

thanks upn0rth. I downloaded it. Uninstalled the current version, rebooted and installed 27.0.0159 and worked again in Chrome.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 17, 2017 0
New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

Like madmax, we too are not in a position to wait for November. We have 2000 users unable to access their vApps + VM consoles through vCloud Director right now. Downgrading flash to the vulnerable version in our enterprise is not an option.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 0
New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

Has this issue been assigned a bug in https://tracker.adobe.com?

A comment on the Chrome bug

774862 -  Chrome crashes when accessing vSphere Web Client and other VMware products using Flash int...

references this Adobe bug FP-4198653...

Tracker

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 0
Community Beginner ,
Oct 18, 2017

Copy link to clipboard

Copied

I can confirm that 27.0.0.180 allows access to vCloud.  The install was downloaded from Adobe Flash Player 27 Beta page.

Download Adobe Flash Player 27 Beta for Desktops - Adobe Labs

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 2
New Here ,
Oct 18, 2017

Copy link to clipboard

Copied

Interesting. Its release notes state:

Known Issues

Oct 17, 2017

Flash Player Flashplayer quits unexpectedly when logging into VCD (Virtual Cloud) Portal(FP-4198649)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 0
Adobe Employee ,
Oct 18, 2017

Copy link to clipboard

Copied

27.0.0.180 fixes the vCloud/vSphere crash and is now available from the labs page link, posted in comment #11

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 18, 2017 0
New Here ,
Oct 23, 2017

Copy link to clipboard

Copied

I don't see any 27.0.0.180  in that web page in commment #1. It shows 170 which is the one causing all the trouble:

https://helpx.adobe.com/security/products/flash-player/apsb17-32.html

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 23, 2017 0
Adobe Employee ,
Oct 23, 2017

Copy link to clipboard

Copied

27.0.0.180 is a beta release, which fixes the VMWare crashing issue.  Since it's a beta release, it's not listed on the security bulletin page.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 23, 2017 0
New Here ,
Oct 23, 2017

Copy link to clipboard

Copied

@ m_vargas Any idea when 27.0.0.180 is going to go from beta to production?  We don't really want to uninstall 170 and then install a beta product, I would rather keep it production and just get a new build for production release.  Do you have an ETA?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 23, 2017 1
Adobe Employee ,
Oct 23, 2017

Copy link to clipboard

Copied

We're aiming for an update posted to adobe.com on Wednesday, barring unforeseen issues between now and then.  We can't speak to when Google (Chrome) or Microsoft (Win8.x/10 for IE/Edge) would release the update.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 23, 2017 1
New Here ,
Oct 19, 2017

Copy link to clipboard

Copied

does it also fix the same problem with vmware vcenter flash client?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 0
New Here ,
Oct 19, 2017

Copy link to clipboard

Copied

I can confirm, beta version 27.0.0.180 fixed this problem for vCenter web client in Chrome. (Windows 7)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 1
Community Beginner ,
Oct 19, 2017

Copy link to clipboard

Copied

I have MS Windows 10 Pro.

When i try to install Adobe Flash Player 27.0.0.180 (beta) for Internet Explorer (Active X) i get the error:

error.png

It's about i have last version of Adobe Flash Player in my IE...

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 0
Adobe Employee ,
Oct 19, 2017

Copy link to clipboard

Copied

Microsoft embeds Flash Player in IE and Edge on Windows 10, as such, the standalone installer does not work, and all Flash Player updates for IE/Edge are released by Microsoft via Windows Update.  You'll need to use a different browser until this fix is in the release channel and Microsoft releases the update.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 1
Community Beginner ,
Oct 19, 2017

Copy link to clipboard

Copied

Thanks for answer, m_vargas.

But for what this distributive is made?

download.png

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 0
Adobe Employee ,
Oct 19, 2017

Copy link to clipboard

Copied

That's for Windows 7 and below.

I thought there was a comment on the labs page about the ActiveX Control being for Windows 7 and below, but don't see it.  I have submitted a query to the folks who maintain that page.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 2
New Here ,
Oct 20, 2017

Copy link to clipboard

Copied

Correct. and unless you have Firefox installed, you don't need flash activeX nor the ( flash plugIn for Firefox)  starting from  Windows 8.1 

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 20, 2017 0
New Here ,
Oct 19, 2017

Copy link to clipboard

Copied

Because of vulnerabilities in previous versions we had been setting our clients to auto-update automatically. This just goes to show that trying to be proactive isn't always the best option. We lost access to our VCentre, thank fully we had a RemoteApp that is a sterile environment. Damned if you do, damned if you don't.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 19, 2017 1