Posted on
06:29 PM
- last edited
3 weeks ago
Thank you Adobe for the very special Christmas present. #not
Security updates available for Adobe Photoshop CC | APSB17-34
Effects 18.1.1 and earlier versions.
To remediate update:
To remediate remove:
Security updates available for InDesign | APSB17-38
Effects 12.1.0 and earlier versions.
To remediate remove:
You read that right. Adobe sucks so bad, that you have to remove their shit from your computer to protect yourself. #smfh
Earlier in the year Adobe began to confirm in writing (new managers?) that CC "uninstallers" do work (and ironically but not surprisingly that CS "uninstallers" never worked but I digress ¯_(ツ)_/¯ ). We have kept all our CC "uninstallers" so here is our plan.
STEP ONE (remediate vulnerable versions)
to loop through /Applications
directory to find and "uninstall" the vulnerable versions./Library/COMPANY/Adobe/InDesignBlowsChunks.txt
and /Library/COMPANY/Adobe/PhotoshopBlowsChunks.txt
in case we need it later.STEP TWO (provide new new versions if user meets requirements)
There would be a STEP THREE if we can forward all complaints/escalations to the inbox of Adobe's CEO...we can dream, no?
Pixelmator Pro The world’s most innovative image editing app
Pixelmator Pro wants to be the Photoshop killer on macOS
Pixelmator Pro: Everything you need to know!
Pixelmator Pro now available for $60, an advanced single-window image editor for Mac
Are You Metal Enough For Pixelmator Pro?
Posted on 12-20-2017 12:02 AM
Don Montalvo must be feeling...
Posted on 12-20-2017 07:09 AM
Check please! Think its time to start my vacation now!
Posted on 12-20-2017 08:30 AM
@Taylor.Armstrong the hardest part will be dealing with users who don't like their choices...
Posted on 12-20-2017 08:43 AM
Looking at the security notices, while the are both critical severity they are also given Adobe's lowest priority of 3:
This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.
I am not trying to excuse Adobe but at least it looks like there have never been any attempts to exploit InDesign or Photoshop based on their Priority 3 description. These are probably considered much smaller targets by hackers compared to Adobe's other products like Flash and Acrobat.
Posted on 12-20-2017 08:44 AM
I'm so glad I'm not in an industry that needs to deal with Adobe's nightmares anymore, and I hope to never return to a company that has a large Adobe install base that I have to deal with again. It may eventually happen again, but I'll enjoy my time away from the mess for now.
Posted on 12-20-2017 09:31 AM
It's interesting how Adobe has zero communication in their Creative Cloud toolbar app. Maybe a message about this "critical priority 3 security issue" would be appropriate. bunch of jerks...
Posted on 12-20-2017 09:53 AM
The Creative Cloud Packager application has a "create uninstaller package" option which can bundle multiple uninstalls for all affected version numbers if that's helpful to folks.
Posted on 12-21-2017 08:05 AM
@spalmer I feel sorry for all Adobe customers, really shows how reckless that company is. But then, they've got a lot of mouths to feed.
@mm2270 I envy you. Or I hate you. Can't decide. :)
@dgasinowski We keep all the "uninstallers" that CCP spits out so we're in good shape. Curious if an all inclusive "uninstaller" package would error if a version is not there? Good to know the option is there.
Posted on 12-21-2017 10:47 AM
Getting end-user reports that the Photoshop CC 2017 18.1.2 update is deleting users' custom brushes and presets. Fun fun fun.
Posted on 12-21-2017 10:53 AM
@donmontalvo If you use the uninstallers that CCP spits out when you build an install package, they'll get mixed up if you have upgraded or changed the install since that package was built. Sometimes they fail, sometimes they silently leave applications installed.
You can also build an uninstall-only package that will fairly-reliably remove every version that you want (which, for what we use it to accomplish, is generally "all of them") without failing on a missing app/version. Unfortunately, that package is dumped out as a generic binary and an XML file that has to live in the same directory; we use Composer to make a .pkg which places that binary and XML file into a temp directory, then calls the binary. Also, it doesn't uninstall Acrobat ever, so that's a thing.
Posted on 12-21-2017 04:30 PM
@gregneagle Woah, you're scaring me...guessing something got whacked by the 18.1.2 installer, or did an uninstaller do it?
@bvrooman Seems like the consensus is to build an all in one uninstaller, well I'll give that a shot, now that I have several test computers set up with InDesign/Photoshop CC/CC2014/CC2015/CC2017.
Posted on 12-22-2017 07:30 AM
@donmontalvo I'm not running any uninstaller -- just installing the new version of Photoshop CC 2017 over the existing version. No reports from anyone running Photoshop CC 2018 yet, but we don't have a lot of those people.
Posted on 12-22-2017 07:33 AM
Interesting... we installed "on top of" as well, but it didn't remove the old. Just a bog-standard CCP package. We ran both for a few weeks, cleaning up the older installs now that all users seem to have adjusted to the update.
Posted on 12-22-2017 08:10 AM
@donmontalvo As your attorney, I advise you to buy 10 lottery tickets. You’ll have better odds with that than one of your users having ‘remote code execution’ via InDesign or Photoshop. #AdobeDumsterFire
Posted on 12-22-2017 09:26 AM
@gregneagle @Taylor.Armstrong Good catch, I edited the original post, Adobe InDesign CC 2017 (18.1.1 or older) needs to be updated to 18.1.2.
Posted on 12-22-2017 09:31 AM
@dpertschi Risk mitigation falls on the Security Team's plate. #stayInYerLaneDude
:):):) They send us a high rated ticket, we have to remediate. I know I don't ever want to be on the receiving end if/when there is a breach.
Being employable is a thing to most folks. Unless your mom if famous, then you can give everyone admin rights and remove all anti malware. Get fired one day, and land a lucrative movie role in the next day. ¯_(ツ)_/¯
Posted on 12-22-2017 11:03 AM
@dpertschi Where did you get that delicious adobe dumpster fire icon?
I might put that on my uninstaller policy in Self Service, pending rights.
Posted on 12-22-2017 01:13 PM
Photoshop CC 2018 users are also seeing their custom brushes, presets, and workspaces get deleted when updated from 19.0.0.x to 19.0.1. Fun times.
Posted on 12-22-2017 05:12 PM
@gregneagle I spent years in a service bureau, backing up my settings, swatches, brushes, etc., was all on me. I can see how today’s users couldn’t be bothered. Hmmmm
Posted on 12-26-2017 07:00 PM
Ok finally freed up some cycles to create two uninstaller. One for each vulnerability.
Will package up and test, since the choices seem to be the initial releases.
Hopefully no cruft left behind from updates on those apps.
If these leave cruft behind I'll do another round of testing, using the latest uninstallers.
Posted on 12-26-2017 07:19 PM
As always, hoping this helps the next person...
if [ -e /private/tmp/.Adobe_InDesign-APSB17-38_uninstall/AdobeCCUninstaller ]; then
/bin/echo "Running AdobeCCUninstaller for Adobe_InDesign-APSB17-38_uninstall..."
/private/tmp/.Adobe_InDesign-APSB17-38_uninstall/AdobeCCUninstaller 2> /dev/null
/bin/sleep 30
/bin/echo "Task completed..."
exit 0
Posted on 12-26-2017 09:12 PM
Ran Adobe_InDesign-APSB17-38_uninstall.pkg
and happy to report it appears to have ran flawlessly.
Had InDesign CC/CC2014/CC2015/CC2017/CC2018 installed, targeted all but InDesign CC 2018.
InDesign CC 2018 launched fine after the older versions were uninstalled.
Log shows it took roughly an hour with a user logged on.
Here's the log:
bash-3.2# tail -f /Users/currentUser/Library/Logs/AdobeCCUninstaller.log
12/26/17 19:52:30:793 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Launching the AdobeCCUninstaller...
12/26/17 19:52:30:793 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | AdobeCCUninstaller version is :
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Products to be uninstalled:
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/10.0/osx10)
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/11.0/osx10)
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/12.0.0/osx10-64)
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/9.0/osx10)
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 19:52:30:807 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Attempting to uninstall the above products ...
12/26/17 19:52:30:812 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Uninstalling (IDSN/10.0/osx10)
12/26/17 20:04:17:851 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | The return code from the Adobe Installer Process is (0).Uninstallation successful.
12/26/17 20:04:17:851 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Successfully uninstalled (IDSN/10.0/osx10)
12/26/17 20:04:17:852 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 20:04:17:852 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Uninstalling (IDSN/11.0/osx10)
12/26/17 20:33:30:633 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | The return code from the Adobe Installer Process is (0).Uninstallation successful.
12/26/17 20:33:30:634 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Successfully uninstalled (IDSN/11.0/osx10)
12/26/17 20:33:30:634 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 20:33:30:634 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Uninstalling (IDSN/12.0.0/osx10-64)
12/26/17 20:33:54:856 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | The return code from the HDPIM Setup Process is (0). Successfully uninstalled.
12/26/17 20:33:54:856 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Successfully uninstalled (IDSN/12.0.0/osx10-64)
12/26/17 20:33:54:856 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 20:33:54:856 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Uninstalling (IDSN/9.0/osx10)
12/26/17 20:50:17:126 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | The return code from the Adobe Installer Process is (0).Uninstallation successful.
12/26/17 20:50:17:126 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Successfully uninstalled (IDSN/9.0/osx10)
12/26/17 20:50:17:126 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 20:50:17:129 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Summary:
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | **************************************************
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Removed products:
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/10.0/osx10)
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/11.0/osx10)
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/12.0.0/osx10-64)
12/26/17 20:50:17:130 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | (IDSN/9.0/osx10)
12/26/17 20:50:17:131 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | ##################################################
12/26/17 20:50:17:131 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | Ending the AdobeCCUninstaller Return Code (0)
12/26/17 20:50:17:131 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | ##################################################
12/26/17 20:50:17:131 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 | ##################################################
12/26/17 20:50:17:132 | [INFO] | | CCP | Utilities | AdobeCCUninstaller | | | 4857423 |
[Edit: Same successful run for the Photoshop apps, Photoshop CC 2017 and 2018 both launched fine. For that run, the only thing left is to update Adobe Photoshop CC 2017 to 18.1.2. ]