September 1, 2014

Adobe Finally Updates the CS5 & CS5.5 Versions of Illustrator and Photoshop to Fix Security Vulnerabilities

Three weeks ago Adobe published two security advisories describing critical vulnerabilities in the CS5 and CS5.5 versions of Illustrator and Photoshop. The original advisories recommended that users upgrade to CS6 (which they would have to pay for) and didn’t offer any patches or updates for the CS5 and CS5.5 versions. Following complaints, bad press and an outcry from users, Adobe made a U turn and promised patches in due course. Those patches have now been released.

Illustrator

The vulnerabilities present in Adobe Illustrator CS5 (15.0.x) and Adobe Illustrator CS5.5 (15.1) for Windows and Macintosh could allow an attacker who successfully exploits these vulnerabilities to take control of the affected computer. Adobe has now released Adobe Illustrator CS5 (15.0.3) and Adobe Illustrator CS5.5 (15.1.1) to address the vulnerabilities. Specifically the update addresses six separate memory corruption vulnerabilities that could be exploited to let an attacker execute arbitrary code.

Photoshop

Like Adobe Illustrator, the vulnerabilities present in Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh could allow an attacker who successfully exploits these vulnerabilities to take control of the affected computer.

Adobe has now released security updates for Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh. For an attacker to exploit the vulnerabilities a malicious file must be opened in Photoshop. Adobe is not aware of any attacks exploiting these vulnerabilities. The update fixes three specific problems:

  1. A use-after-free TIFF vulnerability that could lead to code execution.
  2. A buffer overflow vulnerability that could lead to code execution.
  3. A stack-based buffer-overflow vulnerability in the Collada .DAE file format that could lead to code execution.

 

 

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks