Adobe patches 'critical' holes in Photoshop CS4

The ability to add brushes, color swatches, and other customizations left an older version of Adobe's image-editing software vulnerable to attack.

Photoshop users like to expand what the software can do by downloading new brushes, gradients, and color swatches, but the ability to make those additions also turns out to have been a potential avenue for attack.

Adobe Systems on Wednesday released a Photoshop 11.0.2 security update to its earlier CS4 version of Photoshop for both Windows and Mac OS X versions to close off that avenue.

"Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities," Adobe said in an advisory. ASL, ABR, and GRD files refer to swatches, brushes, and gradients, respectively.

The newly released Photoshop CS5 is not vulnerable, Adobe added.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Microsoft leaves Apple in the dust with tablet and laptop innovation in 2015

Will there be one Apple Ring to rule them all? That's what a patent application says. Plus, building the thinnest gadget isn't innovation anymore and Apple just got a reality check from Microsoft.

by Brian Tong