May. 12th, 2012

thewayne: (Default)
Adobe Photoshop contains a buffer overflow vulnerability in its TIFF features that has already been the target of a public proof-of-concept exploit, as well as another unspecified security problem that allows attackers to secretly infect systems simply by getting users to open a specially crafted file.

I just bought, new, full student price, Adobe Creative Suite CS5.5, late last year. Probably 7 or 8 months ago. And now they want me to pay $200 for a bug in the system that everyone else patches for free. There's another wonderful quote from the article: "Adobe only makes the general recommendation that its customers should 'follow security best practices and exercise caution when opening files from unknown or untrusted sources' as the holes do represent substantial threats."

"Security best practices" from everyone else is to download and install a patch that is freely available from the vendor. This idiocy from Adobe is going to cost them a lot of customers who are going to stop paying for the product and start pirating it. I am very happy with the feature set of the 5.5 suite and see no need to upgrade to PS 6 at this time, so I think I'm going to risk staying unpatched. I don't normally deal with files from untrusted sources; I'll have to be more vigilant about TIFF files, though. The unspecified vulnerability does concern me, though.

And there is proof of concept code for this exploit in the wild. Now that Adobe says it's not going to help people with software less than a year old, it will massively raise the visibility of this bug on the radar of exploiters and IT WILL be targeted.

http://www.h-online.com/security/news/item/Adobe-puts-a-price-tag-on-security-updates-for-Photoshop-and-others-1571517.html

But it's really not a problem! Adobe, all hail, says that Photoshop is not a target, so there's nothing to worry about!

http://www.h-online.com/security/news/item/Adobe-Photoshop-is-not-a-target-for-attackers-1572717.html

EVERYTHING is a target these days. NO SOFTWARE SHOULD GO UNPATCHED. While I hate the flood of patches that Microsoft releases, they are very good at patching their products. Apple releases patches at a slower rate, but is also very diligent about patching. Adobe needs to stop seeing this as a revenue stream and recognize that this is a responsibility that, if not fulfilled, is going to cost them customers.

Idiots. I wish I owned some Adobe stock so I could start a shareholder action to whack them upside the head with clue-by-fours.


EDIT: Adobe backs down, will release a patch for PS 5 and 5.5.

http://www.h-online.com/security/news/item/Adobe-backs-down-will-release-patches-for-critical-holes-1574341.html
