Adobe Lightroom Update May Have Deleted Some User Photos

Recently, Adobe released version 5.4 of Lightroom. It is a popular photo editing app used by a wide range if iOS devices. Unfortunately, the update may have done more harm than good.

Many iOS users who installed the update have discovered that their photos and custom present filters were permanently deleted.

The only people spared from such a fate were those who paid for a subscription to sync their files to Adobe’s cloud solution.

Rikk Flohr, an Adobe representative, confirmed that this was indeed a side effect of installing Lightroom version 5.4 on iOS devices. Curiously, the update for the Lightroom app on macOS and Android devices were not impacted in this manner.

If you have an iOS device and use Lightroom, don’t install the 5.4 update. Adobe has subsequently released a fix in the form up Lightroom for iOS 5.4.1, which is confirmed not to delete user files.

Unfortunately, if you have already installed version 5.4 and you aren’t paying for a subscription to the Adobe Cloud, the company confirms that there is no fix for the issue. Your lost photos simply cannot be recovered.

Needless to say, this is infuriating, and then some. Currently, there’s a tremendous uproar on Reddit and other sites around the web, with some users having lost several years’ worth of saved photos. Over the years, we’ve seen a number of botched updates that have led to a wide range of unexpected side effects ranging from the mildly annoying to the dangerous. Few have been as bad as this.

People cherish their photo collections and often have hundreds, or even thousands of digital memories. For a photo editing app to simply demolish all that in the blink of an eye is a weighty blow. It’s going to take a long time for Adobe to win back the trust of the iOS community. It may not even be possible.

For now, just be sure to back up your photos or files in a few ways, just to be safe from unexpected incidents like these.

Adobe Photoshop Should Be Updated To Address Security Issues

Do you use Adobe Photoshop, Bridge, or Prelude? If so, and even if you’re not normally quick to apply security patches issued by the company, you’ll want to give the most recent patch from Adobe priority.

The company’s most recent patch addresses an even dozen critical security flaws that could allow an attacker to execute arbitrary code on Windows machines.

On top of that, the latest patch fixes an issue with Adobe Reader Mobile for Android users that fixes an information disclosure bug.

Here’s a quick summary:

The version of Adobe Bridge you want to install is 10.1.1, which addresses the issues tracked as:

  • CVE-2020-9675 (Out of Bounds Read)
  • CVE-2020-9674 (Out of Bounds Write)
  • CVE-2020-9676 (Out of Bounds Write)

For Adobe Photoshop, grab version CC 2019.20.0.10 or CC 21.2.1, both of which address the issues tracked as:

  • CVE-2020-9683 (Out of Bounds Read)
  • CVE-2020-9686 (Out of Bounds Read)
  • CVE-2020-9684 (Out of Bounds Write)
  • CVE-2020-9685 (Out of Bounds Write)
  • CVE-2020-9687 (Out of Bounds Write)

If you’re an Adobe Prelude user, the version you want to look for and install is Adobe Prelude 9.01, which addresses issues tracked as:

  • CVE-2020-9677 (Out of Bounds Read)
  • CVE-2020-9679 (Out of Bounds Read)
  • CVE-2020-9678 (Out of Bounds Write)
  • CVE-2020-9680 (Out of Bounds Write)

Finally, if you’re an Adobe Reader Mobile user with an Android device, the version you want to install is Adobe Reader Mobile 20.3, which addresses the issue tracked as CVE-2020-9663.

If there’s a silver lining to the issues addressed by these patches it is in the fact that if the user has standard privileges on a Windows-based machine, the risks addressed by these patches will be significantly reduced.

Even so, that’s not something that holds true for everyone. Even if you’re not in the habit of installing security patches right away, you’ll definitely want to make an exception for these.

Adobe Acquired Magento Marketplace Suffers Data Breach

Recently, the Magento Marketplace was acquired by Adobe and suffered a breach that exposed a limited amount of user data to an unknown third party.

When Adobe discovered evidence of the breach, they temporarily shut the marketplace down so they could assess the extent of the breach.  It has subsequently been reopened.

If you’re not familiar with Magento, it is an online repository where users can find extensions, both paid and free, that enhance the capabilities of the e-commerce platform the company is known for.

The investigation into the breach is ongoing. At this point, the company can confirm that the exposed information included  MageID, billing and shipping addresses, phone numbers, user names and email addresses.  Also exposed were the percentages paid to developers who host their extensions on the marketplace.

The company stresses that passwords, payment card information and other detailed financial information was not exposed.  They also report that the security issues that made the breach possible have been corrected.

If your data was compromised, you should have already received a notification from Magento.  The company did not reveal how many users were impacted overall. Although that information may be made available as the investigation into the matter continues.

Since the company confirmed that no passwords were stolen, there’s really nothing for you to do if you use the marketplace. As a precaution, however, you may want to change your password just to be safe.

Overall, Adobe and Magento’s handling of the issue has been good, but this has sadly become standard fare.  A company makes a misstep.  Hackers take advantage.  Users pay the price.  Company apologizes, and then we get a new headline the following week about it happening somewhere else.  Stay vigilant.  It’s your best defense against these kinds of issues, which seem to be increasing in their frequency.

Adobe Removing Older Software And Products Is Upsetting Users

Adobe is facing harsh criticism after they began sending letters out to portions of their user base. The letters inform users of Creative Cloud that older versions of the products they’re using have been discontinued and licenses to use those products have been revoked. Users are to stop using them immediately and upgrade to newer versions or they “may be at risk of potential claims of infringement by third-parties.”

According to Adobe’s support page, the following programs have discontinued versions::

  • Photoshop
  • InDesign
  • Premier Pro
  • Media Encoder
  • After Effects
  • Animate
  • Audition
  • Lightroom Classic
  • Bridge
  • Prelude
  • SpeedGrade
  • Captivate

Unfortunately, this letter and its contents raise serious issues for developers around the world.  Once a project has been initiated using a specific version of a product, Developers are highly reluctant to upgrade to a newer version in mid-project, for fear of introducing bugs.  In addition to that, there are several older, legacy projects in the wild that are employing older equipment. So, upgrading to the latest version of a given program may not be possible due to hardware compatibility issues.

In days gone by, Adobe took a much different, softer approach, allowing development teams to continue using a discontinued program for a number of years. So far at least, Adobe is sticking to their guns.  They intend for everyone to stop using the older versions of their products and insist that they pay to upgrade, or else.

Adobe declined to comment specifically on the matter. However, insiders suspect that the company’s hard line about the issue stems from a lawsuit filed by Dolby for unpaid license fees related to the use of their technology in a variety of software Adobe makes.  Be that as it may, it has the feel of a massive shakedown and it has even the company’s supporters furious.

Iconic Software Adobe Shockwave Unavailable After April

It’s the end of an era.  Way back in 1995, a company called Macromedia released the iconic Shockwave player, which quickly became a mainstay on Windows-based machines.

A decade later, Adobe purchased Macromedia, taking ownership of the Shockwave player and the company’s other  products (like Flash), both of which continued under the Adobe brand.

Time has not been kind to the technology.  Not only has the company struggled to keep them secure, but the web itself has moved on.  While Flash and Shockwave were once instrumental to cutting edge web development, today’s developers have migrated to WebGL and HTML5, leaving these products with a withering market share.

Although there’s not much current demand for the products, there are a surprising number of legacy websites that still rely on the aging tech.  That’s why Adobe’s recent end of life announcement for Shockwave is sending ripples of panic through the internet.

Adobe has begun sending out emails to their customers bearing the subject line “Adobe Shockwave Product Announcement” in a bid to give webmasters whose sites are built around the tech time to shift gears. The Shockwave Player will officially be retired as of April 8th, 2019, about a year before another iconic Adobe product called Flash Player is slated to retire.

According to the official announcement, business owners with existing Shockwave Enterprise licenses will continue to receive product support until the end of their current contract.  There will be no renewals.

All that to say, the clock is ticking.  If redesigning your company’s website to migrate away from Shockwave and Flash is something you’ve had on the backburner for a while, it’s time to move it to the front of the queue.  Be sure your IT and web development staff are aware, and plan accordingly.  The end is nigh.