In association with heise online

05 June 2012, 14:10

Adobe updates arrive after user protests

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe logo

Adobe has now released updates that close a number of critical vulnerabilities in Photoshop (CS5 and CS5.1) and Illustrator (CS5 and CS5.5). It was possible for an attacker to get a user of these applications to open a specially crafted TIFF file and infect a system with malicious code. Together the updates fix three critical vulnerabilities in Photoshop and six critical vulnerabilities in Illustrator.

When Adobe originally announced the vulnerabilities, it told users that the only way to close them would be to upgrade to the latest, and recently released, versions of the software. In the case of Photoshop, that would have been a cost of £190 ($199). Adobe argued that they did not believe "the real-world risk" warranted an "out of band release to resolve these issues"; this sparked a wave of protest by users. A few days later, on 12 May, the company announced it was changing its advisories and said it was working on patches and would update the advisories when the patches were available.

With the announcement of the updated advisories and available patches, Adobe Photoshop CS5.x and Illustrator CS5.x users, should be able to feel somewhat safer. The patches only took a month to arrive after the delivery of the same fixes in the paid-for-upgrades of PhotoShop and Illustrator. Details on how to install the Photoshop updates are available separately, while Illustrator users can find the updates within the advisory. The updates apply to both Windows and Mac versions of the software.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit