Adobe updates arrive after user protests
Adobe has now released updates that close a number of critical vulnerabilities in Photoshop (CS5 and CS5.1) and Illustrator (CS5 and CS5.5). It was possible for an attacker to get a user of these applications to open a specially crafted TIFF file and infect a system with malicious code. Together the updates fix three critical vulnerabilities in Photoshop and six critical vulnerabilities in Illustrator.
When Adobe originally announced the vulnerabilities, it told users that the only way to close them would be to upgrade to the latest, and recently released, versions of the software. In the case of Photoshop, that would have been a cost of £190 ($199). Adobe argued that they did not believe "the real-world risk" warranted an "out of band release to resolve these issues"; this sparked a wave of protest by users. A few days later, on 12 May, the company announced it was changing its advisories and said it was working on patches and would update the advisories when the patches were available.
With the announcement of the updated advisories and available patches, Adobe Photoshop CS5.x and Illustrator CS5.x users, should be able to feel somewhat safer. The patches only took a month to arrive after the delivery of the same fixes in the paid-for-upgrades of PhotoShop and Illustrator. Details on how to install the Photoshop updates are available separately, while Illustrator users can find the updates within the advisory. The updates apply to both Windows and Mac versions of the software.