Photoshop CS3 (#6): Two major security vulnerabilities extant, according to Secunia; continued installation issues
Photoshop CS3 (#6): Two major security vulnerabilities extant, according to Secunia; continued installation issues
Two major security flaws Secunia has published two advisories indicating serious security flaws in Photoshop CS3, as well as its CS2 predecessor.
The first flaw can be exploited by a maliciously crafted PNG file (a widely used format, especially in Web publishing) and works through boundary error within the PNG.8BI Photoshop Format Plugin. Once exploited, the flaw allows the potential for execution of arbitrary code.
The second flaw is similar in that it is exploitable through a maliciously crafted bitmap-formatted image through the BMP.8BI Photoshop Format Plugin (used to handle Bitmap files). It likewise holds the potential for arbitrary code execution.
Although there is no direct mention of Mac OS X vulnerability to these flaws, it appears that Mac versions of Photoshop CS3 and CS2 are potentially affected. We are awaiting confirmation from Adobe on that front.
Meanwhile, the temporary prophylactic against both flaws is to not open or use PNG or bitmap (.bmp) files from untrusted sources.
Continued installation issues Meanwhile, despite numerous available fixes (see the "previous coverage" section below), some users are still having difficulty installing Photoshop CS3.
MacFixIt reader Michael Berger writes:
"I spent 5 hours on the phone with adobe yesterday trying to get photoshop to launch. They took me to level 4 in the clean script while logged in as the root user and still nothing. I am on an MacBooPro with the intel. They left me with the promise they would get back to me in two days which I have no problem with I can just re-install CS2 I guess."
Feedback? Late-breakers@macfixit.com.
Previous coverage:
- Photoshop CS3 (#5): More fixes for installation problems
- Photoshop CS3 (#4): Beta may not have to be deactivated; Installation problems (cont.): caches may need to be cleared; more
- Photoshop CS3 (#3): Installation problems and fixes (cont.)
- Adobe Creative Suite 3 (#2): Installation problems; Photoshop CS3 beta (and others) must be uninstalled before installation
- Adobe Creative Suite 3 (Photoshop CS3, InDesign CS3, Adobe Illustrator CS3, etc.) ships
Resources