Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Introduces the Paid Security Fix

Posted by timothy on from the sure-would-be-a-shame-if-somethin'-was-ta-happen dept.

Nimey writes "Adobe has posted a security bulletin for Photoshop CS5 for Windows and OSX. It seems there is a critical security hole that will allow attackers to execute arbitrary code in the context of the user running the affected application. Adobe's fix? You need to pay to upgrade to Photoshop CS6. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."

10 of 392 comments (clear)

  1. Ugh by bonch · · Score: 3, Informative

    If this was a years-old version, I'd understand, but CS5 was the latest version until literally days ago!

    1. Re:Ugh by bonch · · Score: 0, Informative

      That's incorrect. Photoshop, Illustrator, Fireworks, and Contribute weren't updated in CS5.5. See here.

  2. Re:Call it the Microsoft method by Anonymous Coward · · Score: 5, Informative

    Sorry but Microsoft does the best at offering security fixes at no cost. I can't think of another company that does it better than Microsoft.

  3. Re:Call it the Microsoft method by Galestar · · Score: 5, Informative

    I'm sorry, but even "Non-Genuine" copies of Windows still get security fixes. There is no comparison here.

    Windows: Pirate our software, we'll still give you security fixes (although we might put a watermark asking you to stop pirating it)
    Adobe: Buy our software, but you only get security fixes if you give us even more money.

    Hell, MS gives security fixes even to XP until 2014 (13 years after its release). CS5 is less than 2 years old.

    --
    AccountKiller
  4. They knew over six months ago! by greenreaper · · Score: 3, Informative

    This is especially egregious since according to the researcher's announcement, Adobe has been sitting on this bug since last September. Users of CS5 should demand a patch.

  5. Re:A non story by greenreaper · · Score: 3, Informative

    Here's the problem with that - they were told about the issue in September 2011. They didn't address it then, but apparently decided to wait until well after the public advisory.

  6. Re:Call it the Microsoft method by Koim-Do · · Score: 3, Informative

    Actually, if by "RHEL from 2008" you mean RHEL5 then you were quite wrong. Apparently, redhat promises security updates at last until sometime in 2017:

    https://access.redhat.com/support/policy/updates/errata/

  7. Re:Slight correction by Anonymous Coward · · Score: 4, Informative

    And it has only been released for purchase for a few DAYS. It was released this week (the week of the 7th).

    Almost makes me wonder if they new about the problem and only acknowledged it now so they didn't have to patch it for free. captcha revenues

  8. Re:Call it the Microsoft method by rayharris · · Score: 3, Informative

    This is not support. This is fixing something that was broke in the first place.

    --
    I void warranties.
  9. Re:Call it the Microsoft method by dudpixel · · Score: 3, Informative

    So are you offering to pay $10K or more for this hypothetical near-perfect software?

    or will you pay $200 and accept that there may be bugs (and that the company will offer fixes for major security issues for x years) ?

    It all comes down to economics at some point.

    --
    This seemed like a reasonable sig at the time.