Lori Carey Photography

Friday, May 11, 2012

Critical security issue for users of PhotoShop CS5 and earlier

There is a critical security issue in Photoshop CS5 and older versions, a buffer overflow vulnerability which permits a maliciously crafted TIFF file to execute arbitrary code in both Windows and OS-X. Protek Research Lab reported the vulnerability to Adobe in September 2011 and rather than patch the existing version Adobe's solution is to address it in CS6. If you don't pay to upgrade from the previous verison you are SOL and should be very careful about opening any TIFF file that isn't your own.

In English - Unless and until you upgrade to CS6, do not use Photoshop to open any TIFF files unless you trust the source 100% or your computer could be hacked.

Adobe Security Bulletin APSB12-11

It's very disappointing to see that Adobe chose not to address the issue by releasing a patch at least for CS5. This is yet another move made by Adobe to force customers who choose not to switch to the subscription-based model to adhere to a shorter upgrade cycle. CS5 is two years old and cost $699 to purchase the base program or $999 for Extended. It costs $199 to upgrade from a previous version. This is not a small sum of money for an amateur, hobbyist or one-person shop. Most software companies support at least the previous version, and when we spend that much money on a software program we expect it to be supported at least for a reasonable period of time. As someone who has been using Photoshop since version 3.0 I've sunk $1600 into upgrades alone, and now they are telling me that unless I hand over another $200 I have to live with a critical security flaw? Shame on you Adobe!

On that note the free photo editing program GIMP recently announced that it is now able to handle 16-bit and 32-bit files in the development version.

No comments:

Post a Comment