FAQtoid

***Richard*** · May-10-2012, 11:49 PM #1

Adobe has announced that there is a buffer overflow vulnerability in CS5 which permits a maliciously crafted TIFF file to execute arbitrary code in both Windows and OS-X. In plain English, this means that a TIFF file can infect your machine.

Adobe's solution? Upgrade to CS6. That's right, folks, they are not planning on issuing a fix for CS5. Now it is not uncommon for software vendors to stop patching older software at some point. Apple's Flashback fix does not cover OS-X 10.5 or earlier, for example. Microsoft isn't patching Win2K anymore, though they are still supporting XP, which is now over 10 years old. CS5 became "obsolete" less than a week ago. What is truly galling is that the bug was reported to Adobe in September, 2011. Not only did they fail to address the issue in a timely fashion, they didn't even let us know about it until they could use the issue to pump sales of their latest product.

Really classy, Adobe.

Edit: Just a clarification. Don't panic. Your own TIFF files are perfectly safe and there's no reason to stop using CS5. Just beware of opening TIFFs from untrusted sources in Photoshop.

mercphoto · May-11-2012, 04:11 AM #2

That is just awful. Glad I rarely need to use Photoshop anymore!

***Richard*** · May-12-2012, 01:02 PM #3

Update:

Adobe has backtracked and now says that it will issue a fix: http://www.securityweek.com/adobe-ch...-security-flaw


Similar Threads	Thread Starter	Forum	Replies	Last Post

Security Issue...	56Kruiser	SmugMug Support	10	Nov-07-2011 11:19 AM
Possible security issue	flyingdutchie	SmugMug Support	15	May-17-2008 08:25 AM
Review - Adobe Lightroom beta	Andy	Finishing School	72	Apr-08-2007 09:56 AM
Adobe proposes universal digicam 'raw' image format	Guzzler	The Big Picture	3	Sep-27-2004 10:19 AM

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

FAQtoid

Dgrin Challenges

Need some help with Accessories?

Tutorials

The Hot Seat

Africa!

SmugMug How To:

SmugMug News:

SmugMug Status

May-10-2012, 11:49 PM #1
*Richard* ^OP Mildly bemused Join Date: May 2005 Location: Madrid, Spain Posts: 14,332	Security issue in CS5 / Adobe rant Adobe has announced that there is a buffer overflow vulnerability in CS5 which permits a maliciously crafted TIFF file to execute arbitrary code in both Windows and OS-X. In plain English, this means that a TIFF file can infect your machine. Adobe's solution? Upgrade to CS6. That's right, folks, they are not planning on issuing a fix for CS5. Now it is not uncommon for software vendors to stop patching older software at some point. Apple's Flashback fix does not cover OS-X 10.5 or earlier, for example. Microsoft isn't patching Win2K anymore, though they are still supporting XP, which is now over 10 years old. CS5 became "obsolete" less than a week ago. What is truly galling is that the bug was reported to Adobe in September, 2011. Not only did they fail to address the issue in a timely fashion, they didn't even let us know about it until they could use the issue to pump sales of their latest product. Really classy, Adobe. Edit: Just a clarification. Don't panic. Your own TIFF files are perfectly safe and there's no reason to stop using CS5. Just beware of opening TIFFs from untrusted sources in Photoshop. __________________ My Pics

May-11-2012, 04:11 AM #2
mercphoto Bill Jurasz Join Date: May 2004 Location: Austin, TX Posts: 4,341	That is just awful. Glad I rarely need to use Photoshop anymore! __________________ Bill Jurasz - Mercury Photography - Austin TX A former sports shooter

May-12-2012, 01:02 PM #3
*Richard* ^OP Mildly bemused Join Date: May 2005 Location: Madrid, Spain Posts: 14,332	Update: Adobe has backtracked and now says that it will issue a fix: http://www.securityweek.com/adobe-ch...-security-flaw __________________ My Pics


Tell The World!

Tweet