5 June 2012

Security update for Photoshop CS5 & CS5.1

Adobe released a security update for Adobe Photoshop CS5 & CS5.1. The update addresses vulnerabilities that could allow an attacker to take control of the affected system when a user opened a malicious TIFF or DAE file in Photoshop CS5.1, Photoshop CS5 (or earlier!). While Adobe is not aware of any attacks exploiting these vulnerabilities, I would suggest you do download and install this update at your earliest convenience!

The update exists for both the Mac and Windows versions of Adobe Photoshop CS5 and CS5.1. If you are running Adobe Photoshop CS6, this issue does not apply and there is no need to for an update.

You can find the update at Adobe's own Photoshop Help website.

Details:
  • This update resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references www.securityfocus.com/bid/52634/).
  • This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028).
  • This update resolves a stack-based buffer-overflow vulnerability in the Collada .DAE file format that could lead to code execution (CVE-2012-2052, Bugtraq ID 53464, which references: www.securityfocus.com/bid/53464/).
  • This update applies to all languages, except Middle Eastern, North African French, and Greek. 


  • The 12.0.5 and 12.1.1 updates address only this security vulnerability. This issue does not exist in Photoshop CS6.

No comments:

Post a Comment