Adobe to patch Flash Pro, Illustrator and Photoshop CS5.x following public outcry

By Lee Kaelin on May 14, 2012, 8:30 AM

Adobe has backpedaled on a decision not to patch critical vulnerabilities in older editions of it signature Creative Suite package, asking users to upgrade to the new CS6 release instead, and spend hundreds of dollars in the process. The change of heart, of course, comes in response to the massive public outcry from customers.

The vulnerabilities in question could allow a remote user to execute malicious code and take control of the computer running the affected products. One bug exists in Flash Professional, two in Photoshop and a another five in Illustrator. While Adobe hasn't outlined the reason for reversing its decision, they did confirm they will now patch all eight vulnerabilities existing in the three software titles, the oldest of which is barely two years old.

"We are in the process of resolving the vulnerabilities addressed in these security bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available," Adobe's product security response team wrote on their official blog.

In another statement to ZDNet Australia, the software house commented that "while Adobe did resolve these issues in the Adobe Illustrator/Photoshop/Flash Professional CS6 major releases, no dot release was scheduled or released for Adobe Illustrator/Photoshop/Flash Professional CS5 or CS5.5", because "the team did not believe the real-world risk to customers warranted an out-of-band release to resolve these issues."

Adobe's position also drew sharp criticism from industry security experts, with Graham Cluely of UK-based security firm Sophos writing on the firm's blog, "way to alienate a loyal customer base, Adobe." He continued, "Adobe meanwhile tells users to exercise caution over what files they open with their applications, if they aren't prepared to pay for the upgrade. What a PR disaster for the company."




User Comments: 7

Got something to say? Post a comment
Guest said:

We finally upgraded to CS5.5 last year so it's kind of ridiculous to me that updates for it are considered "out of band." Adobe is an awful company and I hate giving them money (almost as much as they hate their customers), but the alternatives to their products are so lackluster that making the switch is really hard. I'm also not thrilled at the prospect of explaining to my users that instead of Photoshop, they'll now be using a program called "GIMP."

Guest said:

What sort of security vulnerabilities are present? And how exactly are they exploited? I'm not gonna front, I'm using a cracked version so I'm concerned although I am planning on purchasing CS6 legit. In the meantime am I at risk somehow?

nazartp said:

Not sure about Acrobat, but both Illustrator and PS suffer from remote code execution threat via poisoned TIFF files.

Leeky Leeky said:

What sort of security vulnerabilities are present? And how exactly are they exploited? I'm not gonna front, I'm using a cracked version so I'm concerned although I am planning on purchasing CS6 legit. In the meantime am I at risk somehow?

Details of the vulnerabilities are listed in the blog post, by viewing the security bulletins for each of the three applications.

It's also worth pointing out that using cracked versions that are not fully updated can potentially put your machine at increased risk. I guess you need to weigh up that potential risk vs. the financial outlay for the genuine product.

captaincranky captaincranky, TechSpot Addict, said:

The interesting fact is, "adobeupdate.exe" runs at startup in every program they peddle.

Updates aren't normally provided, other than perhaps updates to their "camera. raw" to enable the import of raw files from newly released cameras.

The rest of what "adobeupdate.exe", "provides" is Adobe's "advertising messages".

So, it's not really a "program patcher"......it's ADWARE, plain and simple.

Mercifully, I have all the Adobe programs I'll ever need. The rest of you are on your own with those holes.

Newegg was offering Photoshop Elements 10 full edition last week for $45.00.

I can't believe I let that get away.. Oh, who am I kidding........?

Possibly the biggest irony of all is, Adobe's website is the slowest loading, (on average), of any major corporation I've visited. Doubly ironic when you consider Adobe is a company that specializes in media processing. Really, you visit their site, and sometimes it feels like you've gone back to dial up

Marnomancer Marnomancer said:

Possibly the biggest irony of all is, Adobe's website is the slowest loading, (on average), of any major corporation I've visited. Doubly ironic when you consider Adobe is a company that specializes in media processing. Really, you visit their site, and sometimes it feels like you've gone back to dial up

True, I've noticed it too.

Not to mention companies almost always develop a tendency to shoot themselves in the foot when their shares start rising. Did someone say Nero?

We finally upgraded to CS5.5 last year so it's kind of ridiculous to me that updates for it are considered "out of band." Adobe is an awful company and I hate giving them money (almost as much as they hate their customers), but the alternatives to their products are so lackluster that making the switch is really hard. I'm also not thrilled at the prospect of explaining to my users that instead of Photoshop, they'll now be using a program called "GIMP."

That, or you could donate some finances to the GNU/Open-source GIMP developer team so they can get working on adding your required features. If it's goodwill you want, it's goodwill you do.

captaincranky captaincranky, TechSpot Addict, said:

What sort of security vulnerabilities are present? And how exactly are they exploited? I'm not gonna front, I'm using a cracked version so I'm concerned although I am planning on purchasing CS6 legit. In the meantime am I at risk somehow?

Details of the vulnerabilities are listed in the blog post, by viewing the security bulletins for each of the three applications.

It's also worth pointing out that using cracked versions that are not fully updated can potentially put your machine at increased risk. I guess you need to way up that potential risk vs. the financial outlay for the genuine product.

Don't go away. it's time to play, "What's Wrong with this Post". Now let's introduce our host, "captaincranky".....(yay).

Well first, when our guest leads off with,, "I'm a pirate.....arrrgh" ! This usually results in a disqualification from the game. You know, it should be like they were never here, let alone getting questions answered.

...[ ]....although I am planning on purchasing CS6 legit. In the meantime am I at risk somehow?
That's what they all say. I suppose we've never heard that before? And in our little game of "Jeopardy", the correct question should have been, "who gives a s***"!

*Comments edited out by Leeky*

True, I've noticed it too.

Not to mention companies almost always develop a tendency to shoot themselves in the foot when their shares start rising. Did someone say Nero?

Indeed! If a person's wife or girlfriend was as bloated as the latest release of "Nero", you'd need a nudge with a wrecking ball to get her fat a** through the front door.

That, or you could donate some finances to the GNU/Open-source GIMP developer team so they can get working on adding your required features. If it's goodwill you want, it's goodwill you do.
The one thing that thus far sets Adobe Photoshop products apart from the pack, is the "adjustment layers" feature. Every POS open source and proprietary editing product has, "layers", but not " adjustment layers". You'll just have to google that, it's a bit complex for a slow typist. I really wouldn't know where to start without adjustment layers. If that has changed, feel free to correct me on it.

Adobe's "Photoshop Elements", has a robust editor, based in Photoshop's. The latest release (PSE 10), has a 64 bit editing section.

90% of people can get by just fine with PSE. Photoshop allows you to work in lab color, and output in CMYK. So, if your photos are going to a printing press, Photoshop is for you.

What really is a mystery to me, ,is why so many people go out of their way to steal a program they likely don't need, and possibly don't know how to operate anyway.

But what really pisses me off, is they feel obligated to wander through here anonymously, and insult our intelligence anyway.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.