Security updates for Adobe GoLive 9 and Illustrator CS3
Adobe has released updates for GoLive 9 and Illustrator CS3 which fix critical security vulnerabilities. According to Adobe, opening a crafted bmp, dib, png or rle file in Illustrator is sufficient to become infected with malicious code. In GoLive, this additionally requires the user to paste such a file into a GoLive document (an HTML file). The cause of the problem is a heap overflow when processing any of these file formats. Adobe had to contend with a similar problem in Photoshop CS2 and 3 back in April, following publication of a zero day exploit. It took until July for an update for Photoshop to be released.
Updates for Illustrator for Windows and Mac are already available. To date a complete update for GoLive is available for Windows only - the Apple version is still missing an updated plugin for png files. This should, however, be available soon. Until it is, Adobe is advising Mac users to deactivate the png plugin.
- Illustrator CS3 update to address potential security vulnerabilities, security advisory from Adobe
- GoLive 9 update to address potential security vulnerabilities, security advisory from Adobe