On January 12th immediately after 8:15 a.m. local time, the computers began malfunctioning at the Dalian Train Operations Depot in northeast China. The dispatcher’s browsers did not load the train schedule details. Six hours later, the dispatchers also lost the ability to print train data from the web application. According to the deposit account on Weibo and WeChat and after a tracking post a few days later, the system continued and shut down for 20 hours before the IT staff finally stabilized it. The culprit seems to have been a seismic, but not unforeseen, change on the Internet: the death of Adobe Flash Player.
With the end of 2020, Adobe has fully ended support for its infamous but nostalgic multimedia platform. On January 12, Adobe took things a step further, triggering a kill switch it had been distributing in Flash updates for months, blocking content from running in the player – essentially making the software inoperable. The company has warned of the transition for years, while browsers such as Chrome and Firefox have gradually pushed users to other standards. Apple has spent an entire decade trying to detach web developers from Flash. But organizations such as the Dalian Depot did not receive the grade. Frantic employees have come to hack old versions of the software, even modifying them to run on all different versions of Windows to stabilize the system.
“Twenty hours of fighting. Nobody complained. Nobody gave up. In solving the Flash problem, we turned the gaze of hope into fuel for advancement, “officials wrote in a post mortem, translated by journalist Tony Lin.
The Dalian Depot incident speaks to the reality that Flash is not really dead yet and will persist untouched – and sometimes unknown to anyone – in networks around the world. Mainland China is the only region in the world where Flash will still be officially available through a distributor Adobe has partnered with in 2018. But some users have complained about issues with the dedicated Chinese version of the program and have found workarounds to continue to use the regular program. edition.
After decades of abuse by hackers, especially those running “advertising” schemes, Flash installations – either forgotten or intentionally maintained – could expose networks for years to come. After all, software versions that have not been recently updated do not have the kill switch inside. And because Adobe no longer supports the software, there will be no security patches for any new Flash vulnerabilities that appear.
“Flash Player can stay on your system unless you uninstall it,” Adobe says in a frequently asked question. from running after EOL Date. ”
In October, Microsoft also released an optional update for Windows 8 and later, which removes the built-in version of the Flash operating system.
However, despite this multiple strategy, some installations will persist. In addition to the risk of organizations not updating their software, the latest Adobe version of Flash included a special feature for enterprises, which allows network administrators to essentially replace the kill switch and place Flash features on a “allow ”. “Any use of the domain-level permission list … is strongly discouraged, will not be accepted by Adobe, and is entirely at the user’s own risk,” the company says.
Even organizations that uninstall the Flash desktop will also need to worry about browser versions if they don’t update them regularly. For systems that do not receive or cannot receive updates easily, these two Flash Player locations can mean a double exposure.