Adobe patches critical vulnerabilities in Photoshop and Illustrator CS5.x

Adobe keeps its promise and releases security patches for older Photoshop and Illustrator versions

Lucian Constantin (IDG News Service)
05 June, 2012 12:02
Comments

Adobe released several security updates on Monday, addressing nine arbitrary code execution vulnerabilities that affect Adobe Photoshop and Adobe Illustrator CS5.x for Windows and Mac OS X.

Back in May, Adobe alerted users about the existence of eight security vulnerabilities in the CS5.x versions of Photoshop, Illustrator and Flash Professional.

At the time, the company advised customers to upgrade to the CS6 versions of those products, which aren't affected by those vulnerabilities, or to exercise caution when opening files from unknown sources if upgrading is not possible.

Adobe's suggestion that customers should pay a considerable amount of money -- US$199 per product upgrade -- in order to protect their systems from vulnerabilities that affect products they already bought, was strongly criticized by some security experts.

However, a few days after the initial security advisories were published, the software company publicly committed to releasing security patches for the CS5.x versions of the affected products as well.

On Monday, Adobe released security updates for Photoshop CS5 (12.0) and Photoshop CS5.1 (12.1) that address three arbitrary code execution vulnerabilities present in those products. If they were left unpatched, hackers could exploit them to take control of the operating system by tricking users into opening maliciously crafted files.

At the same time, the company released security patches for Adobe Illustrator CS5 (15.0) and Adobe Illustrator CS5.5 (15.1). These address six vulnerabilities that could be exploited in a similar manner and for the same goal as the Photoshop ones.

Adobe is not aware of any ongoing attacks that target the vulnerabilities patched by the newly released Photoshop and Illustrator security updates, the company said in the corresponding security bulletins.

Adobe Flash Professional CS5.5.1 remains vulnerable to a buffer overflow vulnerability that can lead to arbitrary code execution. The company is working on a patch and will release it at a later date.

"New manager arrives, fires most of the apparently-underskilled staff rather than training ..."

Solving the skills conundrum – part 1
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."

Australia suspected to have PRISM data: Ludlam
"I don't fall into their whinging crap . In the last eight ..."

Australia Post’s mail business to lose $200 million this year
"Australia Post may have a monopoly on letters, but there are heaps ..."

Australia Post’s mail business to lose $200 million this year
"Totally overblown. iWork is a joke for real productivity. It is like ..."

Microsoft's ambivalence about Office on the Web gives Apple shot with iWork on iCloud

Latest Blog Posts

Whitepapers

Unleashing the Power of Information
If business-relevant information is not well managed, secured and analysed, it can become an underutilized asset or—worst case—a legal and competitive liability. Nearly all of the IT and business executives who responded to a recent survey recognise this risk, and say they understand the importance of having an enterprise information management (EIM) strategy. Find out more on how to reduce costs, improve competitiveness and avoid risk by making information management an enterprisewide strategic priority.

Learn more »
Russian Underground 101
This research paper intends to provide a brief summary of the cybercriminal underground and shed light on the basic types of hacker activity in Russia. It discusses fundamental concepts that Russian hackers follow and the information they share with their peers. It also examines prices charged for various types of services, along with how prevalent the given services are in advertisements. The primary features of each type of activity and examples of associated service offerings are discussed as well. Read this paper.

Learn more »
Staying Ahead of the Data Explosion
The total volume of data being processed and stored by businesses is rising exponentially. IDC has estimated that the size of the "digital universe" will increase 29 fold between 2010 and 2020. Data storage technology has undergone a steady increase in capacity, along with a steady decline in the cost per unit to store information. Unfortunately, data storage capacity is not keeping pace with data growth and necessitating greater intelligence in the storage infrastructure. Read more.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Bring Your Own Device FAQs

This report covers the frequently asked questions associated with the implications of BYOD devices in the workplace. Any solution in this space needs to be built on simplicity, scalability and ...

Recent comments

"New manager arrives, fires most of the apparently-underskilled staff rather than training ..."
Solving the skills conundrum – part 1
"How many of the Fortune 500 companies have access to PRISM? https://en.wikipedia.org/wiki/Industrial_espionage ..."
Australia suspected to have PRISM data: Ludlam
"I don't fall into their whinging crap . In the last eight ..."
Australia Post’s mail business to lose $200 million this year
"Australia Post may have a monopoly on letters, but there are heaps ..."
Australia Post’s mail business to lose $200 million this year
"Totally overblown. iWork is a joke for real productivity. It is like ..."
Microsoft's ambivalence about Office on the Web gives Apple shot with iWork on iCloud

Follow CIO

Market Place

Security 2013 Exhibition: 160 brands, new innovations, expert speakers & more, register now.

SolveXia’s key tips for CIOs seeking improved productivity through automation. Click here

Deploying mobility worthwhile challenge hear what CIOs have to say.. Read more

Now out of the office never means out of the loop. Office 365 – your complete office in the cloud.

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Adobe patches critical vulnerabilities in Photoshop and Illustrator CS5.x

Recommended

Is ‘fit for purpose’ the new government IT ...

Better IT makes for happier employees: Deloitte

With budget, NSW government leads Australia on ICT: ...

Debating the digital economy

Why the fuss about big data?

Homeless multinationals and taxing decisions

10 Tips for Dealing with a Bully Boss

How to define the scope of a project

5 open source help desk apps to watch

Australia suspected to have PRISM data: Ludlam

PMBOK vs PRINCE2 vs Agile project management

Australia Post’s mail business to lose $200 million this year

Online shopping reaches mainstream status

Salesforce.com aims for next $1 billion business with ExactTarget buy

Australia suspected to have PRISM data: Ludlam

Why Agile Isn't Working: Bringing Common Sense to Agile Principles

Symantec Business Critical Virtualisation Content Zone

BlackBerry Enterprise Service 10 Zone

HP Tech Connect Resource Centre

Bring Your Own Device FAQs

Enterprise Mobility Management: Embracing BYOD Through Secure App and Data Delivery

Webroot® SecureAnywhere™ Business - Endpoint Protection Technocal Overview

How to Boost the CIO’s Personal Effectiveness

Analyst Paper: Total Cost of Ownership