Bug in Adobe Creative Cloud updater erases root level Mac data

Posted:
in General Discussion edited February 2016
Adobe has pulled its most recent Creative Cloud update after the version was found to contain an errant script that automatically deletes locally stored Mac user data without warning.




The issue, which presents itself when a user logs into Creative Cloud after installing the flawed 3.5.0.206 update, deletes the contents of the first folder to show up alphabetically in a user's root directory, reports Ars Technica.

According to the publication, customers of data backup service Backblaze were inordinately impacted by the bug, as the company's hidden ".bzvol" root folder is alphabetically first for many Mac users. In the process of troubleshooting user errors, Backblaze confirmed the flaw by creating a hidden folder named ".a," installing Adobe's updater and opening Creative Cloud, a sequence that deleted the root file's contents.

Perhaps more troubling is that many Mac users will find the ".DocumentRevisions-V100" folder at the top their root drive. The file includes data critical to autosave and version history functionality, the deletion of which could result in various system errors.

"We are aware that some customers have experienced this issue and we are investigating in order to resolve the matter as quickly as possible," Adobe said in a statement. "We are stopping the distribution of the update until the issue has been resolved."

In the meantime, Creative Cloud users are advised not to install the version 3.5.0.206 update or, for those who have already done so, not to log in. For users who need immediate access to Creative Cloud, Backblaze suggests creating a sacrificial folder and assigning it a name assured to be first alphabetically.

Adobe has not offered an estimated timeline as to when the update will be fixed and subsequently re-released.
«13

Comments

  • Reply 1 of 42
    sflocalsflocal Posts: 6,092member
    I really hope this doesn't become the spawn-of-Flash.  

    Adobe just keeps shooting itself in the foot with security issues.
  • Reply 2 of 42
    This is the dawning of the age of idiocracy, the age of idocracy. The spawn of the babyboomers are in positions of responsibility, and guess who didn't get any life lessons in personal responsibility. It'll only take another generation for them to starting putting Brawndo on our crops, sowing the seeds of humanity's demise. 
    wetlanderSpamSandwichstargazerct6Sgoldfishcornchiptallest skil
  • Reply 3 of 42
    This is the dawning of the age of idiocracy, the age of idocracy. The spawn of the babyboomers are in positions of responsibility, and guess who didn't get any life lessons in personal responsibility. It'll only take another generation for them to starting putting Brawndo on our crops, sowing the seeds of humanity's demise. 
    Eh?
    mwhitenolamacguy
  • Reply 4 of 42
    This is the dawning of the age of idiocracy, the age of idocracy. The spawn of the babyboomers are in positions of responsibility, and guess who didn't get any life lessons in personal responsibility. It'll only take another generation for them to starting putting Brawndo on our crops, sowing the seeds of humanity's demise. 
    No need to panic! One of the spawn, Frito, is a direct descendent of Steve Ballmer and will employ thousands to labor at doing nothing but writing bad code while singing "Windows While You Work." Upgrayedd's unexpected arrival will put 51% of the population on their backs, servicing the 49% that could have voted for You-know-who but didn't.
    SpamSandwichbdkennedy1002mwhitedv8orcornchip
  • Reply 5 of 42
    MacProMacPro Posts: 19,718member
    Thank you Little Snitch.  I have Adobe CC apps but keep every one of them plus the multiple Adobe hidden apps  that CC installs 100% under manual permissions all of the time. OK I have to click several times every time I launch PS or Muse but I also sleep at night.  I don't trust Adobe as far as I could throw Shantanu Narayen.
    edited February 2016 pscooter63SpamSandwichthepixeldocmonstrositystevenozdv8orjohn.bpalomine
  • Reply 6 of 42
    rgh71rgh71 Posts: 125member
    Are you effing shtg me?  I spent days setting up my new Mac and don't really know what was alphabetically first!  Wtf!  Any suggestions??
  • Reply 7 of 42
    Whoa. This is bad. They force us to the cloud and then do this!..
    SpamSandwichstevenozjohn.b
  • Reply 8 of 42
    This is why I dislike shell scripts. Way too easy to make a simple typo, or simply overlook something, and cause things like this.

    The iTunes 2.0 installer contained a similar bug, back in the day, that could erase entire hard drives, all because someone forgot to put quote marks around a path variable.
    edited February 2016 SpamSandwichcornchip
  • Reply 9 of 42
    john.bjohn.b Posts: 2,742member
    rgh71 said:
    Are you effing shtg me?  I spent days setting up my new Mac and don't really know what was alphabetically first!  Wtf!  Any suggestions??
    It's not deleting the first folder, it's deleting the contents of the first folder.  On a new Mac, that would likely be the .DocumentRevisions-V100 folder which holds versioning and autosave document information.

    (Not that this excuses Adobe in any way, shape, or form.)
    edited February 2016 macky the mackySpamSandwich
  • Reply 10 of 42
    rgh71rgh71 Posts: 125member
    john.b said:
    rgh71 said:
    Are you effing shtg me?  I spent days setting up my new Mac and don't really know what was alphabetically first!  Wtf!  Any suggestions??
    It's not deleting the first folder, it's deleting the contents of the first folder.  On a new Mac, that would likely be the .DocumentRevisions-V100 folder which holds versioning and autosave document information.

    (Not that this excuses Adobe in any way, shape, or form.)
    Got it thanks a lot
  • Reply 11 of 42
    This is the dawning of the age of idiocracy, the age of idocracy. The spawn of the babyboomers are in positions of responsibility, and guess who didn't get any life lessons in personal responsibility. It'll only take another generation for them to starting putting Brawndo on our crops, sowing the seeds of humanity's demise. 
    Don't blame us B-B's. Most of them have retired already.
    Blame the new kids on the block (complete with MBA's) who are addicted to being online all the time and that all your data belongs to the supplier especially if you were foolish enough to put your stuff in their cloud.
    As a soon to retire B-B (born 1953) I refuse to put anything of value in a cloud. When it rains, the clouds go away.  none of my peers are cloud fans. You might think that we are Luddites but we value our privacy. Having written my first program in 1972 (puched cards ICL Mainframe), I've been there, done that , got the Bite marks to prove it.


    realisticSpamSandwichstevenozpscooter63mwhite
  • Reply 12 of 42
    I have a hard time understanding why anyone would be so enormously stupid that they would give root access to a graphics program. If the developer requires that, then say goodbye to them once and for all.
    edited February 2016 SpamSandwichdv8or
  • Reply 13 of 42
    MarvinMarvin Posts: 15,309moderator
    I have a hard time understanding why anyone would be so enormously stupid that they would give root access to a graphics program. If the developer requires that, then say goodbye to them once and for all.
    Root access is the top permission state, root level just means the top level of the filesystem, it's just a drive location.

    Something should really be done at the OS level to prevent file deletions. Sandboxing like in iOS can be too restrictive but for the odd times that apps would try to remove files outside of their sandbox, the system can ask the user and tell the user what the process is trying to do.

    Ideally a system should be separated into 3 parts: [unchanging system software] [system overrides, user software, unix software] [user data]. Right now, they are all mixed together. The core system software should never be modifiable, that's what the overrides are for. The system overrides and software would include system updates so that all system updates could be removed and rolled back to the core system on a bad update. There could be multiple core systems that can be switched out so if you needed to revert back to an older system, you just boot from it and this lets people try out new systems, even beta systems with an easy rollback.

    The user data would be completely separate from software so application updates would only write to the software location. By default, software would only have read and create permissions inside user data and overwrites like file saves and file deletions would always require confirmation by the user. To enforce this kind of partitioning might require a new filesystem but this may also allow things like easily setting up a core Bootcamp system, again with multiple versions of Windows or Linux and just allow booting from those and then have a separate Windows/Linux user partition with a different filesystem format. Perhaps there's a way to virtualize filesystem interaction so that the native filesystem is the same but it translates filesystem events on request so that every system can access every user data partition on request.

    With the current setup, a single stray command in a script or application code can wipe an entire user's personal data at the user's permission level and if a password is typed in during install, it can do far worse. Software shouldn't be given the opportunity to do damage by default. This won't result in endless permission requests because software would have read and create permissions and overwrite and delete permissions for any files that same process created and deletion events outside a sandbox would happen very rarely, usually only in cases like this where something went wrong.
    edited February 2016 thepixeldocstevenozpalomineGilliam_Bates
  • Reply 14 of 42
    MacProMacPro Posts: 19,718member
    This is the dawning of the age of idiocracy, the age of idocracy. The spawn of the babyboomers are in positions of responsibility, and guess who didn't get any life lessons in personal responsibility. It'll only take another generation for them to starting putting Brawndo on our crops, sowing the seeds of humanity's demise. 
    Don't blame us B-B's. Most of them have retired already.
    Blame the new kids on the block (complete with MBA's) who are addicted to being online all the time and that all your data belongs to the supplier especially if you were foolish enough to put your stuff in their cloud.
    As a soon to retire B-B (born 1953) I refuse to put anything of value in a cloud. When it rains, the clouds go away.  none of my peers are cloud fans. You might think that we are Luddites but we value our privacy. Having written my first program in 1972 (puched cards ICL Mainframe), I've been there, done that , got the Bite marks to prove it.


    Born 52 here. I have local back up of everything plus use the cloud for convenience and intra-device access.  Best of both worlds and why not?
    thepixeldocmwhitepalomine
  • Reply 15 of 42
    So glad I stopped updating my Adobe software several major updates back. Couldn't see the logic for the user to pay rent to Adobe for what looked like minimal benefits. I'll never update any of my desktop Adobe software again! They're the most dangerous company out there for designers, besides Microsoft!
    edited February 2016 nolamacguypalomine
  • Reply 16 of 42
    kpluckkpluck Posts: 500member
    Perhaps more troubling is that many Mac users will find the ".DocumentRevisions-V100" folder at the top their root drive. The file includes data critical to autosave and version history functionality, the deletion of which could result in various system errors.
    Apple's autosave system is garbage, people shouldn't be using it anyway. That being said, so is Adobe's Creative Suite. It is a Karma double whammy! :)

    -kpluck
  • Reply 17 of 42
    larryjwlarryjw Posts: 1,031member
    I new level of security is required for OS X -- more like iOS? Security to App: "If it ain't your file you can't touch it."
  • Reply 18 of 42
    Born 51 here... I have multiple local backups... both cloning and backup (like Time Machine on Macs)... for all my computers, PC and Mac.

    I do use Dropbox for some data syncing for my nine computers, but I don't put anything sensitive on it.

    As a computer consultant I advise people to not put their data on 'another man's computer.' Keep it local and keep multiple copies.
    mwhite
  • Reply 19 of 42
    Any sort of quality assurance would have caught this.
  • Reply 20 of 42
    mwhitemwhite Posts: 287member
    stevenoz said:
    Born 51 here... I have multiple local backups... both cloning and backup (like Time Machine on Macs)... for all my computers, PC and Mac.

    I do use Dropbox for some data syncing for my nine computers, but I don't put anything sensitive on it.

    As a computer consultant I advise people to not put their data on 'another man's computer.' Keep it local and keep multiple copies.
    Another 51 here I only do local backups and do it every day, I don't like keeping much but a few pictures in the clould.
Sign In or Register to comment.