X

Adobe will issue free security fixes for CS5 apps after all

The company says it's working on patches for Creative Suite 5.<i>x</i> versions of Photoshop, Illustrator, and Flash. Previously, customers would have had to pay to upgrade to CS6 to get the fixes.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
2 min read

Adobe has apparently changed its mind about requiring customers to pay to get recent security patches for its Photoshop, Illustrator, and Flash Professional products.

The patches cover vulnerabilities that could let a remote user execute malicious code and take control of computers that are running the products.

A post to Adobe's security blog dated yesterday says the following:

We are in the process of resolving the vulnerabilities...in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.

Adobe had originally said customers would need to pay to upgrade to the CS6 versions of the products to get the fix.

The company told CNET sister site ZDNet Australia earlier that "while Adobe did resolve these issues in the Adobe Illustrator/Photoshop/Flash Professional CS6 major releases, no dot release was scheduled or released for Adobe Illustrator/Photoshop/Flash Professional CS5 or CS5.5," and that "the team did not believe the real-world risk to customers warranted an out-of-band release to resolve these issues."

Adobe told ZDNet Australia that it wasn't aware of any attacks that were taking advantage of the security flaws, but the news site noted that there is "a working proof of concept for the Photoshop vulnerability in the wild, which could make it trivial for a hacker to launch a targeted attack on a user."

Rich Mogull, a security analyst at Securosis.com, told Macworld that a software maker not issuing security patches for products it still supports breaks with "industry convention and customer expectations. If the products are really out of support, then that's understandable. But [Adobe's] own site shows them still within an active support window." Macworld reported on the CS5.x fixes earlier today.

We've contacted Adobe for comment on the patches and will update this post if and when we hear back.