Recent versions of Adobe's high-profile Creative Suite applications, including Adobe Photoshop, Illustrator, and Flash Professional, have security vulnerabilities on both Windows and Mac platforms. While Adobe initially said users must pay for a CS6 upgrade to fix the problems, subsequently, the company said it will issue free patches to fix the bugs in all three applications. The change was announced in a post on the company's official blog.
"The team decided to make available patches for Photoshop CS5.x, Illustrator CS5.x, and Flash Professional CS5.x," said an Adobe spokesperson, as cited by MacWorld. "We are still in the process of finalizing the timeline for the patches," added the spokesperson. "We will update the respective security bulletins once patches are available." Adobe's official blog also mentions that users can monitor the latest information on the Adobe Product Security Incident Response Team blog or by subscribing to the RSS feed.
Security Vulnerabilities
According to information published Wednesday on Adobe's security bulletin on the company Web site, security issues compromised Photoshop CS5 and earlier, Illustrator CS5.5 and earlier, and Flash Professional CS5.5 and earlier. The security vulnerabilities in Adobe Photoshop could be exploited by opening malicious TIFF image files, said the company. Adobe characterized the issues as "critical vulnerabilities," which could be exploited to "take control of the affected system."
All of the reported security issues are ranked as Priority 3, which translates into "vulnerabilities in a product that has historically not been a target for attackers." When such cases occur, the company recommends that "administrators install the update at their discretion."
"For users who cannot upgrade...Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources," Adobe stated on its Web site.
Rule of Thumb
Adobe's initial stance requiring users to purchase a CS6 upgrade to fix the issues sparked great controversy, and was highly criticized by security experts and users. "The general rule of thumb is that security patches should be issued for all products still considered in-support, said Securosis security analyst Rich Mogull, as cited by MacWorld. "I recently did some research and found no cases where an out-of-support product was issued security fixes..." Both Adobe CS4 and CS5 are still supported, therefore the company has no excuse not to offer security patches, indicated Mogull.
Adobe launched CS5 in April 2010, and CS5.5 a year later, in April 2011. Photoshop CS6 Extended costs $399 to upgrade, Photoshop costs $199, Illustrator, $249, and Flash Professional, $99. Meanwhile, CS6 Design and Web Premium, the suite which includes all three affected software packages, comes with a $375 price tag. The news of security issues come after a busy week for Adobe, as the company had massive software releases, including its Creative Suite 6 and its Creative Cloud subscription-based products and services.
(reported by Alexandra Burlacu, edited by Dave Clark)
more stories from OS / Software
Microsoft has reportedly started talks with HTC to add its Windows OS to the phone maker's Android smartphones and HTC is apparently considering to make a Windows Phone/Android dual-booting smartphone.
ernest hamiltonA bug in Chrome for iOS 7 has caused Google's mobile browser to leak private searches made in 'Incognito' mode.
ernest hamiltonHTC has announced that Sprint has already started to roll out the Android 4.3 update to the HTC One, AT&T and T-Mobile will follow in mid-October, while Verizon will release it by the end of the month.
ernest hamiltonThe new Windows 8.1 has gone up for pre-order on the Microsoft Store, ahead of the official launch on Oct. 18.
ernest hamiltonApple has acknowledged the iOS 7 iMessage issue and promised to provide a fix in an upcoming software update.
ernest hamiltonSamsung Canada and French carrier SFR have confirmed the Android 4.3 Jelly Bean rollout schedule for the Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2.
ernest hamiltonThe unlocked, international HTC One is getting Android 4.3 Jelly Bean now, but the U.S. and Canadian versions will 'slightly miss' the end-September timeframe.
ernest hamiltonThe Samsung Galaxy S4, Galaxy S3 and Galaxy Note 2 are reportedly slated to get Android 4.3 Jelly Bean in the fourth quarter, by year-end.
ernest hamilton