Friday, February 12, 2016

Adobe Creative Cloud Installer Deleting Hidden Files

Backblaze (via Jordan Merrick):

We’ve encountered an issue on the Mac where Adobe Creative Cloud appears to be removing the contents of the first hidden folder at the root of the drive, in alphabetic order. By happenstance, the first hidden folder on most Backblaze customer’s internal drive is the .bzvol folder.

As a workaround, they suggest creating a new top-level folder whose contents you don’t care about: /.adobedontdeletemybzvol.

Update (2016-02-12): Brian Webster:

Yup, this happened to me the other day.

Ole Begemann:

Thank you Adobe for making all your installers require admin privileges.

Daniel Jalkut:

If Apple strived to make the Sandbox fulfill more needs, I think many more apps would be sandboxed.

OS X would be a more secure platform if developers could sandbox, declaring ALL their behaviors, whether they fit long-term goals or not.

In this scenario, an app like Adobe’s might have “I need to delete /.adobe”, and the system would prevent it deleting /.bzvol.

Because Apple’s sandboxing limitations are so rigid, some developers who would otherwise “do the right thing” won’t even bother trying.

Update (2016-02-13): Wil Shipley:

Adobe Creative Cloud is a great example of why Apple’s sandbox is nigh-useless. Because Adobe only sells it direct, so no sandbox.

Small developers are stuck in a barely functioning, almost impossible to use sandbox while one of the largest is deleting our files.

Update (2016-02-16): Adobe:

Earlier today we were notified of an issue with an update to the Creative Cloud Desktop application on Mac that we rolled out earlier in the week. In a small number of cases, the updater may incorrectly remove some files from the system root directory with user writeable permissions.

We have removed the update from distribution, and are in the process of deploying a new update which addresses the issue. When prompted for the update, Creative Cloud members should install it as normal.

Backblaze:

Adobe fixed the issue on Sunday with version (3.5.1.209). All users of Adobe Creative Cloud can now update their software.

Matt Gemmell:

Creative Cloud pushes the user to enable auto-updating, and many people opt-in for the sake of convenience. It’s a fine idea, and ordinarily it should increase security and stability too, but more importantly it’s a gesture of trust. When that trust is violated, the damage done to the vendor’s image and their relationship with the customer is severe. Adobe has a long history of Byzantine installations and concomitant problems, and this one takes the cake – especially from a large company which readily has the resources for extensive QA, and a great deal to lose.

Update (2016-02-18): John Siracusa, like me, argues that Apple should make it as easy as possible for developers to sandbox all applications, even those that won’t be in the Mac App Store.

Comments RSS · Twitter

Leave a Comment