Adobe patches 'critical' holes in Photoshop CS4

The ability to add brushes, color swatches, and other customizations left an older version of Adobe's image-editing software vulnerable to attack.

Photoshop users like to expand what the software can do by downloading new brushes, gradients, and color swatches, but the ability to make those additions also turns out to have been a potential avenue for attack.

Adobe Systems on Wednesday released a Photoshop 11.0.2 security update to its earlier CS4 version of Photoshop for both Windows and Mac OS X versions to close off that avenue.

"Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities," Adobe said in an advisory. ASL, ABR, and GRD files refer to swatches, brushes, and gradients, respectively.

The newly released Photoshop CS5 is not vulnerable, Adobe added.

About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.


Discuss Adobe patches 'critical' holes in Photoshop...

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Articles from CNET
The truth about Ultra HD 4K TV refresh rates