Adobe Systems has stopped distributing a recently issued update to its Creative Cloud graphics service amid reports a Mac version can delete important user data without warning or permission.
The deletions happen whenever Mac users log in to the Adobe service after the update has been installed, according to officials from Backblaze, a data backup service whose users are being disproportionately inconvenienced by the bug. Upon sign in, a script activated by Creative Cloud deletes the contents in the alphabetically first folder in a Mac’s root directory. Backblaze users are being especially hit by the bug because the backup service relies on data stored in a hidden root folder called .bzvol. Because the folder is the alphabetically top-most hidden folder at the root of so many users’ drives, they are affected more than users of many other software packages.
“This caused a lot of our customers to freak out,” Backblaze Marketing Manager Yev Pusin wrote in an e-mail. “The reason we saw a huge uptick from our customers is because Backblaze’s .bzvol is higher up the alphabet. We tested it again by creating a hidden file with an ‘.a’ name, and the files inside were removed as well.”
Backblaze officials have published three videos that show the deletion bug in action, including the one below.
On Friday morning, Adobe Creative Cloud users flooded Twitter with complaints about the unauthorized data deletions. Many users who don’t use Backblaze (the reporter of this Ars story included) will find the first folder in their Mac root drive is .DocumentRevisions-V100,
a folder that stores data required for Mac autosave and Version history functions to work properly. Deleting its contents could have negative consequences. The Adobe bug could also have dire consequences for users who have important folders with spaces in them, since those also assume a top alphabetically sorted spot on the Mac hard drive (which by default is labeled Macintosh HD).
An Adobe spokeswoman issued a statement that read: “We are aware that some customers have experienced this issue and we are investigating in order to resolve the matter as quickly as possible. We are stopping the distribution of the update until the issue has been resolved.” The version that appears to be causing the deletions is 220.127.116.11, Pusin said.
Creative Cloud users who have not yet installed the update should hold off doing so until Adobe releases detailed guidance. People who have already installed the update shouldn’t log in for the time being. One work-around for people who have installed the update and want to log in right away is to create a folder that assumes the alphabetically top-most spot in the root folder. A hidden folder with the name “.aaaaa” comes to mind, but the Backblaze guidance, perhaps offering some comic relief for its aggrieved users, suggested creating a folder called “.adobedontdeletemybzvol.”
To do so, users can Open Terminal and paste in “cd /” followed by “sudo mkdir /.adobedontdeletemybzvol” (minus the quotes).
SOURCE: Dan Goodin | Ars Technica