CS5 Design Premium installed 4 copies of the Java JRE - (2) v184.108.40.206 and (2) v220.127.116.11 in various Adobe directories.
The current version is 18.104.22.168 so Secunia PSI gives me security warnings for the 4 copies installed by CS5.
Can I simply delete these directories since I have the latest version installed elsewhere on my system, or do I have to copy over the current version to each of these directories (and do that again every time there is a new Java)?
Have the same problem in 2 different locations:
JRE version detected: 22.214.171.124
I contacted technical support, the representative took notes but that's all. No solution has been given.
I'm thinking to replace jre folder with jre6 but I'm afraid of the result.
I understand install package from DVD is not up-to-date. But I don't understand patch is not yet available thru Adobe updater (checked launching it within Photoshop).
The v6.0.20 JRE is available since 15th of April.
Adobe: don't let users of brand new CS5 with Highly critical vulnerabilities on their system!
Fix it ASAP. In the interval, a workaround is welcome.
PS: I've just reported vulnerability detected in CS5 Suite to Secunia
I've deleted these Java installations on my secondary computer. I don't use CS5 that extensively on that system, but I haven't seen any ill effects when I have.
So far, I've just left these insecure installations alone on my main system.
At the moment I simply renamed java.exe with java.exe_OLD in C:\ProgramData\Adobe\CS5\jre\bin\java.exe
So it shouldn't be able to be run and when an Adobe update will be published I shouldn't have to reinstall any program.
I was up to do the same renaming in C:\Users\All Users\Adobe\CS5\jre\bin\java.exe but obvisouly exe file has been also renamed during first renaming (curious but true, the 2 folders seem "linked").
No alerts anymore in Secunia PSI Vulnerable soft and Browers tabs but this workaround is not an acceptable solution.
Too soon to say if all Adobe apps work properly.
Adobe, wake up! A big company like yours cannot play that way with security.
Nothing that I've heard. Iwas afraid to simply delete the directories on my main system (like I did on my home computer) so I copied over the latest version to each dir. I'm sure it was a waste of time, but then again, the Logitech Harmony Remote software does the same thing and that program doesn't run if you simply delete the jre dir.
I simply copied and pasted the proper Java installation (c:\Program Files (x86)\Java\jre6\*) into all affected Adobe installation directories and have suffered no ill effects.
Note this will be c:\Program Files for 32 bit users
Secunia found the same problem on my machine and I located an additonal old version 5 java.exe at another location that Secunia didn't notice: \Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin. I contacted Adobe Support. They told me since this is a 3rd party software issue, I need to contact java.com directly and referred me to Java's online chat support. Adobe said online chat support would be free. However, Java calls it "fee-for-service" and most problems cost about $75 to fix!
Instead of throwing away my money just to get CS5 installed safely, I made .zip files of the jre folders (Dreamweaver's was in the folder "JVM" instead of jre) in case they would be necessary later and then just deleted the contents of each jre folder. 4 of the 5 opened fine. The only one that generated an error was Flash Pro. However, when I copied the contents of the latest (secure) version of jre to C:\ProgramData\Adobe\CS5\jre\ , Flash Pro fired up fine with no error messages.
The problem with this approach showed its ugly head yesterday when I tried to update Dreamweaver. It FAILED. I unzipped the saved jre folder back to its original location, tried to update again, and it still failed. I am still waiting for an answer from another post but I suspect that this may be related to monkeying with java.
Sure would be nice if Adobe would solve this security issue themselves, instead of making customers of a very expensive software resort to playing with things under the hood themselves.
Europe, Middle East and Africa