Spectre / Meltdown Mitigations for Flash 30


#1

Spectre / Meltdown Mitigations
also known as https://www.adobe.com/go/fp-spectre

In response to a class of recently disclosed vulnerabilities in popular CPU hardware related to data cache timing (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754), known popularly as Spectre and Meltdown, we are disabling the ‘shareable’ property of the ActionScript ByteArray class by default and have added in jitter to our event and timer APIs.
which also led to FP-4198844
ArgumentError: Error #3806 in Flash Player 30

e.g.

ArgumentError: Error #3806: ByteArray.shareable is no longer supported.
Learn more at https://www.adobe.com/go/fp-spectre
    at flash.utils::ByteArray/set shareable()
    at o1357/o18528()
    at flash.events::EventDispatcher/dispatchEventFunction()
    at flash.events::EventDispatcher/dispatchEvent()
    at flash.net::URLLoader/onComplete()

in short, the shareable property of the ByteArray class is now restricted by default in Flash Player 30

see EnableInsecureByteArrayShareable

This setting will allow Administrators to override the Flash Player 30 and above default behavior of restricting the “shareable” property of the ActionScript ByteArray API class. Shared ByteArrays are used to share data between threads with ActionScript “Workers.” Shared ByteArrays are an advanced feature of the ActionScript API set and not commonly used in the vast majority of published Flash content. For increased security, we recommend administrators leave this feature disabled.

and
EnableInsecureByteArrayShareableDomain

By default, Flash Player 30 and above will no longer allow the “shareable” property of the ActionScript ByteArray API class. The EnableInsecureByteArrayShareableDomain settings provide exceptions to that rule. Administrators can create a “white list” of approved domain names or IP addresses to which the EnableInsecureByteArrayShareable setting will apply. If the active security context is in the list of domains and IP addresses, then access to the sharable ByteArray property will be allowed. Otherwise, sharable ByteArray access will be denied.
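
Added example, not part of the original post or Adobe's documentation: a Python audit that reads the two settings described above and reports where the default restriction on ByteArray.shareable has been overridden. It assumes the settings live in Flash Player's mms.cfg as key=value lines with # comments, that 1 or true enables the override, that each domain entry has its own line and is matched exactly, and that an enabled override with no list applies to all content; none of this syntax is given on the page.

```python
# Added example: audit mms.cfg-style text for the ByteArray.shareable override.
# Assumptions (not stated on the page): key=value syntax, '#' comments,
# 1/true enables, one domain entry per line, exact host matching.

SAMPLE_CFG = """\
# constructed sample, not taken from a real host
EnableInsecureByteArrayShareable = 1
EnableInsecureByteArrayShareableDomain = intranet.example.com
EnableInsecureByteArrayShareableDomain = 192.0.2.10
"""

def parse_cfg(text):
    """Return (override_enabled, allowed_domains) from mms.cfg-style text."""
    enabled, domains = False, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key == "enableinsecurebytearrayshareable":
            enabled = value.lower() in ("1", "true")
        elif key == "enableinsecurebytearrayshareabledomain" and value:
            domains.append(value.lower())
    return enabled, domains

def shareable_allowed(enabled, domains, host):
    """Decide whether content from `host` may set ByteArray.shareable."""
    if not enabled:
        return False      # Flash Player 30 default: property is restricted
    if not domains:
        return True       # assumption: override without a list applies everywhere
    return host.lower() in domains

def audit(text):
    """Return findings an administrator should review."""
    enabled, domains = parse_cfg(text)
    findings = []
    if enabled and not domains:
        findings.append("override enabled with no domain list")
    elif enabled:
        findings.append("override enabled for: " + ", ".join(domains))
    elif domains:
        findings.append("domain list present but override disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(finding)
```

An empty result from `audit` means the file leaves the Flash Player 30 default in place.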