Security issue in CS5 / Adobe rant

RichardRichard Administrators, Vanilla Admin Posts: 19,893 moderator
edited May 12, 2012 in The Big Picture
Adobe has announced that there is a buffer overflow vulnerability in CS5 which permits a maliciously crafted TIFF file to execute arbitrary code in both Windows and OS-X. In plain English, this means that a TIFF file can infect your machine.

Adobe's solution? Upgrade to CS6. That's right, folks, they are not planning on issuing a fix for CS5. Now it is not uncommon for software vendors to stop patching older software at some point. Apple's Flashback fix does not cover OS-X 10.5 or earlier, for example. Microsoft isn't patching Win2K anymore, though they are still supporting XP, which is now over 10 years old. CS5 became "obsolete" less than a week ago. What is truly galling is that the bug was reported to Adobe in September, 2011. Not only did they fail to address the issue in a timely fashion, they didn't even let us know about it until they could use the issue to pump sales of their latest product.

Really classy, Adobe.

:humungus

Edit: Just a clarification. Don't panic. Your own TIFF files are perfectly safe and there's no reason to stop using CS5. Just beware of opening TIFFs from untrusted sources in Photoshop.

Comments

Sign In or Register to comment.