Adobe patches 'critical' holes in Photoshop CS4
The ability to add brushes, color swatches, and other customizations left an older version of Adobe's image-editing software vulnerable to attack.
Photoshop users like to expand what the software can do by downloading new brushes, gradients, and color swatches, but the ability to make those additions also turns out to have been a potential avenue for attack.
Adobe Systems on Wednesday released a Photoshop 11.0.2 security update to its earlier CS4 version of Photoshop for both Windows and Mac OS X versions to close off that avenue.
"Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities," Adobe said in an advisory. ASL, ABR, and GRD files refer to swatches, brushes, and gradients, respectively.
The newly releasedis not vulnerable, Adobe added.